Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51805 | 1 Tduckcloud | 1 Tduck-platform | 2025-06-20 | N/A | 6.5 MEDIUM |
| SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of FormDataMysqlService.java file. | |||||
| CVE-2023-30016 | 1 Oretnom23 | 1 Judging Management System | 2025-06-20 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_details_edit.php. | |||||
| CVE-2021-24151 | 1 Benjaminrojas | 1 Wp Editor | 2025-06-20 | N/A | 7.2 HIGH |
| The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings. | |||||
| CVE-2023-51978 | 1 Phpgurukul | 1 Art Gallery Management System | 2025-06-20 | N/A | 6.5 MEDIUM |
| In PHPGurukul Art Gallery Management System v1.1, "Update Artist Image" functionality of "imageid" parameter is vulnerable to SQL Injection. | |||||
| CVE-2022-3764 | 1 Wpvibes | 1 Form Vibes | 2025-06-20 | N/A | 7.2 HIGH |
| The plugin does not filter the "delete_entries" parameter from user requests, leading to an SQL Injection vulnerability. | |||||
| CVE-2023-6620 | 1 Wpexperts | 1 Post Smtp | 2025-06-20 | N/A | 7.2 HIGH |
| The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
| CVE-2023-48864 | 1 Sem-cms | 1 Semcms | 2025-06-20 | N/A | 7.5 HIGH |
| SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php. | |||||
| CVE-2025-52822 | 2025-06-20 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WP Roadmap allows SQL Injection. This issue affects WP Roadmap: from n/a through 2.1.3. | |||||
| CVE-2025-52821 | 2025-06-20 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in thanhtungtnt Video List Manager allows SQL Injection. This issue affects Video List Manager: from n/a through 1.7. | |||||
| CVE-2025-6005 | 1 Kicode111 | 1 Like-girl | 2025-06-20 | N/A | 7.2 HIGH |
| A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument title/aboutimg/info1/info2/info3/btn1/btn2/infox1/infox2/infox3/infox4/infox5/infox6/btnx2/infof1/infof2/infof3/infof4/btnf3/infod1/infod2/infod3/infod4/infod5 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6006 | 1 Kicode111 | 1 Like-girl | 2025-06-20 | N/A | 7.2 HIGH |
| A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0. This issue affects some unknown processing of the file /admin/ImgUpdaPost.php. The manipulation of the argument id/imgText/imgDatd/imgUrl leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6339 | 2025-06-20 | N/A | 7.3 HIGH | ||
| A vulnerability was found in ponaravindb Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /func3.php. The manipulation of the argument username1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6267 | 2025-06-19 | N/A | 6.3 MEDIUM | ||
| A vulnerability was found in zhilink ???(??)?????? ADP Application Developer Platform ??????? 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /adpweb/a/base/barcodeDetail/. The manipulation of the argument barcodeNo/barcode/itemNo leads to sql injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-4738 | 2025-06-19 | N/A | 9.8 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yirmibes Software MY ERP allows SQL Injection.This issue affects MY ERP: before 1.170. | |||||
| CVE-2025-6008 | 1 Kicode111 | 1 Like-girl | 2025-06-19 | N/A | 7.2 HIGH |
| A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ImgAddPost.php. The manipulation of the argument imgDatd/imgText/imgUrl leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6007 | 1 Kicode111 | 1 Like-girl | 2025-06-19 | N/A | 7.2 HIGH |
| A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/Copyright leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6009 | 1 Kicode111 | 1 Like-girl | 2025-06-19 | N/A | 7.2 HIGH |
| A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ipAddPost.php. The manipulation of the argument bz/ipdz leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-30562 | 2025-06-17 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdistillery Navigation Tree Elementor allows Blind SQL Injection. This issue affects Navigation Tree Elementor: from n/a through 1.0.1. | |||||
| CVE-2025-39486 | 2025-06-17 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Rankie allows SQL Injection. This issue affects Rankie: from n/a through n/a. | |||||
| CVE-2025-39479 | 2025-06-17 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartiolabs Smart Notification allows Blind SQL Injection. This issue affects Smart Notification: from n/a through 10.3. | |||||