Total
14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-4826 | | | 2024-05-16 | N/A | N/A |
SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9. This vulnerability could allow an attacker to retrieve all the information stored in the database by sending a specially crafted SQL query, due to the lack of proper sanitisation of the category_id parameter in the category.php file. | |||||
CVE-2024-4991 | | | 2024-05-16 | N/A | N/A |
Vulnerability in SiAdmin 1.1 that allows SQL injection via the nama_lengkap parameter in /modul/mod_pass/aksi_pass.php. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in it. | |||||
CVE-2024-4992 | | | 2024-05-16 | N/A | N/A |
Vulnerability in SiAdmin 1.1 that allows SQL injection via the nim parameter in /modul/mod_kuliah/aksi_kuliah.php. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in it. | |||||
CVE-2024-4893 | | | 2024-05-15 | N/A | 9.8 CRITICAL |
DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote attackers to inject arbitrary SQL commands. This vulnerability enables unauthorized access to read, modify, and delete database records, as well as execute system commands. | |||||
CVE-2024-33009 | | | 2024-05-14 | N/A | N/A |
SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application. | |||||
CVE-2024-4824 | | | 2024-05-14 | N/A | N/A |
Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/office_admin/' index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the database. | |||||
CVE-2024-34386 | | | 2024-05-06 | N/A | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links. This issue affects Auto Affiliate Links: from n/a through 6.4.3.1. | |||||
CVE-2024-34412 | | | 2024-05-06 | N/A | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Parcel Panel ParcelPanel. This issue affects ParcelPanel: from n/a through 3.8.1. | |||||
CVE-2024-4466 | | | 2024-05-03 | N/A | N/A |
SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all the data stored in the database. | |||||
CVE-2024-33544 | | | 2024-04-29 | N/A | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection. This issue affects WZone: from n/a through 14.0.10. | |||||
CVE-2024-33546 | | | 2024-04-29 | N/A | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection. This issue affects WZone: from n/a through 14.0.10. | |||||
CVE-2024-33559 | | | 2024-04-29 | N/A | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection. This issue affects XStore: from n/a through 9.3.5. | |||||
CVE-2024-32709 | | | 2024-04-24 | N/A | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall. This issue affects WP-Recall: from n/a through 16.26.5. | |||||
CVE-2024-32706 | | | 2024-04-24 | N/A | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute info systems ARForms. This issue affects ARForms: from n/a through 6.4. | |||||
CVE-2023-35132 | 1 Moodle | 1 Moodle | 2024-04-19 | N/A | 6.3 MEDIUM |
A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions. | |||||
CVE-2023-30944 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-04-19 | N/A | 7.3 HIGH |
A vulnerability was found in Moodle which exists due to insufficient sanitization of user-supplied data in the external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database. | |||||
CVE-2024-32551 | | | 2024-04-18 | N/A | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.71. | |||||
CVE-2022-36754 | 1 Oretnom23 | 1 Expense Management System | 2024-04-17 | N/A | 7.2 HIGH |
Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. | |||||
CVE-2022-47151 | | | 2024-04-17 | N/A | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | |||||
CVE-2024-32135 | | | 2024-04-15 | N/A | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPZest Disable Comments \| WPZest. This issue affects Disable Comments \| WPZest: from n/a through 1.51. | |||||