Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2019-16125 | 1 Jobberbase | 1 Jobberbase | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL | In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection. |
CVE-2009-4577 | 1 Maxdev | 2 Mdforum, Mdpro | 2024-02-14 | 7.5 HIGH | N/A | SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php. |
CVE-2009-0327 | 1 Seraphimtech | 1 Free Bible Search Php Script | 2024-02-14 | 7.5 HIGH | N/A | SQL injection vulnerability in readbible.php in Free Bible Search PHP Script 1.0 allows remote attackers to execute arbitrary SQL commands via the version parameter. |
CVE-2016-2555 | 1 Atutor | 1 Atutor | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php. |
CVE-2021-38694 | 1 Softvibe | 1 Saraban | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH | SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. |
CVE-2011-5175 | 1 Bananadance | 1 Banana Dance | 2024-02-14 | 7.5 HIGH | N/A | SQL injection vulnerability in search.php in Banana Dance, possibly B.1.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the category parameter. |
CVE-2008-1408 | 1 Phpbp | 1 Phpbp | 2024-02-14 | 7.5 HIGH | N/A | SQL injection vulnerability in includes/functions/banners-external.php in phpBP 2 RC3 (2.204) FIX 4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a banner_out action. |
CVE-2023-35188 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-13 | N/A | 8.8 HIGH | SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. |
CVE-2023-50395 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-13 | N/A | 8.8 HIGH | SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. |
CVE-2003-0377 | 1 Iisprotect | 1 Iisprotect | 2024-02-13 | 7.5 HIGH | N/A | SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP. |
CVE-2024-0685 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-12 | N/A | 9.8 CRITICAL | The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional SQL into the already existing query when an administrator triggers a personal data export. |
CVE-2024-1118 | 1 Podlove | 1 Podlove Subscribe Button | 2024-02-10 | N/A | 8.8 HIGH | The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
CVE-2008-4078 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2024-02-09 | 6.5 MEDIUM | N/A | SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
CVE-2004-0366 | 1 Pam-pgsql | 1 Pam-pgsql | 2024-02-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements. |
CVE-2023-47568 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-02-08 | N/A | 8.8 HIGH | A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later. |
CVE-2024-24572 | 1 Facilemanager | 1 Facilemanager | 2024-02-07 | N/A | 6.5 MEDIUM | facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract() function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters. However, it does not prevent manipulation of any other sensitive variables such as $search_sql. Knowing this, an authenticated user with privileges to view site logs can manipulate the search_sql variable by appending a GET parameter search_sql in the URL. The information above means that the checks and SQL injection prevention attempts were rendered unusable. |
CVE-2024-23507 | 1 Instawp | 1 Instawp Connect | 2024-02-05 | N/A | 8.8 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration. This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9. |
CVE-2024-1061 | 1 Bplugins | 1 Html5 Video Player | 2024-02-05 | N/A | 9.8 CRITICAL | The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25, is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'get_view' function. |
CVE-2021-40247 | 1 Oretnom23 | 1 Budget And Expense Tracker System | 2024-02-03 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username field. |
CVE-2005-0252 | 1 Guillaumegardey | 1 Biborb | 2024-02-02 | 7.5 HIGH | N/A | SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password. |