Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8222 | 1 Oretnom23 | 1 Music Gallery Site | 2024-08-29 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file /admin/?page=musics/manage_music. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8223 | 1 Oretnom23 | 1 Music Gallery Site | 2024-08-29 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. This vulnerability affects unknown code of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8220 | 1 Angeljudesuarez | 1 Tailoring Management System | 2024-08-29 | N/A | 9.8 CRITICAL |
| A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file staffedit.php. The manipulation of the argument id/stafftype/address/fullname/phonenumber/salary leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7455 | 1 Angeljudesuarez | 1 Tailoring Management System Project In Php | 2024-08-29 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file partedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273549 was assigned to this vulnerability. | |||||
| CVE-2024-25212 | 1 Sherlock | 1 Employee Management System | 2024-08-28 | N/A | 7.2 HIGH |
| Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php. | |||||
| CVE-2023-1498 | 1 Fabianros | 1 Responsive Hotel Site | 2024-08-28 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file messages.php of the component Newsletter Log Handler. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223398 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-42361 | 1 Apache | 1 Hertzbeat | 2024-08-28 | N/A | 9.8 CRITICAL |
| Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection. | |||||
| CVE-2023-51051 | 1 S-cms | 1 S-cms | 2024-08-27 | N/A | 9.8 CRITICAL |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php. | |||||
| CVE-2018-5778 | 1 Progress | 1 Whatsup Gold | 2024-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-1000000 | 1 Progress | 1 Whatsup Gold | 2024-08-27 | 6.5 MEDIUM | 8.8 HIGH |
| Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection | |||||
| CVE-2015-6004 | 1 Progress | 1 Whatsup Gold | 2024-08-27 | 6.5 MEDIUM | 6.5 MEDIUM |
| Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter. | |||||
| CVE-2015-8261 | 1 Progress | 1 Whatsup Gold | 2024-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request. | |||||
| CVE-2012-2601 | 1 Progress | 1 Whatsup Gold | 2024-08-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter. | |||||
| CVE-2024-8081 | 1 Kevinwong | 1 Payroll Management System | 2024-08-27 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8083 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2024-08-27 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /php-ocls/classes/Master.php?f=pay_order. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8171 | 1 Angeljudesuarez | 1 Tailoring Management System | 2024-08-27 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. This vulnerability affects unknown code of the file staffcatedit.php. The manipulation of the argument title leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8138 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2024-08-27 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. Affected is the function editManager of the file /index.php?action=editManager of the component Parameter Handler. The manipulation of the argument id as part of String leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | |||||
| CVE-2024-6814 | 1 Netgear | 1 Prosafe Network Management System | 2024-08-27 | N/A | 8.8 HIGH |
| NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getFilterString method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-23399. | |||||
| CVE-2024-6813 | 1 Netgear | 1 Prosafe Network Management System | 2024-08-27 | N/A | 8.8 HIGH |
| NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getSortString method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-23207. | |||||
| CVE-2024-5586 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-08-27 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option. | |||||