Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-23912 | 2025-01-16 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typomedia Foundation WordPress Custom Sidebar allows Blind SQL Injection.This issue affects WordPress Custom Sidebar: from n/a through 2.3. | |||||
| CVE-2025-23780 | 2025-01-16 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AlphaBPO Easy Code Snippets allows SQL Injection.This issue affects Easy Code Snippets: from n/a through 1.0.2. | |||||
| CVE-2025-23911 | 2025-01-16 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solidres Team Solidres – Hotel booking plugin allows SQL Injection.This issue affects Solidres – Hotel booking plugin: from n/a through 0.9.4. | |||||
| CVE-2005-4349 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-01-16 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450 | |||||
| CVE-2024-1981 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2025-01-16 | N/A | 9.1 CRITICAL |
| The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-1982 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2025-01-16 | N/A | 9.1 CRITICAL |
| The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a SQL injection vulnerability or trigger a DoS. | |||||
| CVE-2024-25833 | 1 F-logic | 1 Datacube3 | 2025-01-16 | N/A | 9.8 CRITICAL |
| F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database. | |||||
| CVE-2023-33278 | 1 Storecommander | 1 Customers Export | 2025-01-16 | N/A | 9.8 CRITICAL |
| In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. | |||||
| CVE-2023-33279 | 1 Scfixmyprestashop Project | 1 Scfixmyprestashop | 2025-01-16 | N/A | 9.8 CRITICAL |
| In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. | |||||
| CVE-2023-33280 | 1 Storecommander | 1 Quickaccounting | 2025-01-16 | N/A | 9.8 CRITICAL |
| In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. | |||||
| CVE-2024-1776 | 1 Zestard | 1 Admin Side Data Storage For Contact Form 7 | 2025-01-16 | N/A | 7.2 HIGH |
| The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2025-0455 | 2025-01-16 | N/A | 9.8 CRITICAL | ||
| The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | |||||
| CVE-2024-4434 | 1 Thimpress | 1 Learnpress | 2025-01-15 | N/A | N/A |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2015-9452 | 1 Basixonline | 1 Nex-forms | 2025-01-15 | 7.5 HIGH | 9.8 CRITICAL |
| The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter. | |||||
| CVE-2024-1751 | 1 Themeum | 1 Tutor Lms | 2025-01-15 | N/A | N/A |
| The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the question_id parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber/student access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2021-44092 | 1 Code-projects | 1 Pharmacy Management | 2025-01-15 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username parameter in the administer login form. | |||||
| CVE-2023-33677 | 1 Oretnom23 | 1 Lost And Found Information System | 2025-01-15 | N/A | 7.5 HIGH |
| Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*". | |||||
| CVE-2025-22799 | 2025-01-15 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vertim Coders Neon Product Designer allows SQL Injection.This issue affects Neon Product Designer: from n/a through 2.1.1. | |||||
| CVE-2025-22785 | 2025-01-15 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System allows SQL Injection.This issue affects Course Booking System: from n/a through 6.0.5. | |||||
| CVE-2023-33439 | 1 Faculty Evaluation System Project | 1 Faculty Evaluation System | 2025-01-14 | N/A | 7.2 HIGH |
| Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=. | |||||