Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2024-11269 | Mitchelllevy | Ahathat | 2025-06-12 | N/A | N/A | The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.
CVE-2024-11267 | Joomlaserviceprovider | Jsp Store Locator | 2025-06-12 | N/A | N/A | The JSP Store Locator WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing users with the Contributor role to perform SQL injection attacks.
CVE-2025-2203 | Funnelkit | Funnel Builder | 2025-06-12 | N/A | N/A | The FunnelKit WordPress plugin before 3.10.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.
CVE-2024-9831 | Taskbuilder | Taskbuilder | 2025-06-12 | N/A | N/A | The Taskbuilder WordPress plugin before 3.0.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.
CVE-2024-9838 | Flamescorpion | Auto Affiliate Links | 2025-06-12 | N/A | N/A | The Auto Affiliate Links WordPress plugin before 6.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.
CVE-2025-4863 | Advayasoftech | Gems Erp Portal | 2025-06-12 | N/A | 8.6 HIGH | A vulnerability classified as critical was found in Advaya Softech GEMS ERP Portal 2.1. It affects an unknown part of the file /studentLogin/studentLogin.action. Manipulation of the argument userId leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4940 | 1000projects | Daily College Class Work Report Book | 2025-06-12 | N/A | 7.3 HIGH | A vulnerability classified as critical has been found in 1000 Projects Daily College Class Work Report Book 1.0. It affects some unknown processing of the file /admin_info.php. Manipulation of the argument batch leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5857 | Fabianros | Patient Record Management System | 2025-06-12 | N/A | 8.8 HIGH | A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. It affects some unknown processing of the file /urinalysis_record.php. Manipulation of the argument itr_no leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-1597 | Fedoraproject, Postgresql | Fedora, Postgresql Jdbc Driver | 2025-06-12 | N/A | 9.8 CRITICAL | pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL when PreferQueryMode=SIMPLE is used. Note that this is not the default; in the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus, and a second placeholder for a string value must follow it on the same line. A negative numeric value then renders as "--", which PostgreSQL treats as the start of a line comment; by constructing a matching string payload, the attacker can inject SQL that alters the query, bypassing the protection that parameterized queries normally provide against SQL injection. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.
CVE-2025-49467 | | | 2025-06-12 | N/A | N/A | A SQL injection vulnerability in the JEvents component before 3.6.88 and 3.6.82.1 for Joomla was discovered. The extension is vulnerable to SQL injection via publicly accessible actions that list events by date range.
CVE-2024-56158 | | | 2025-06-12 | N/A | N/A | XWiki is a generic wiki platform. It is possible to execute any SQL query in Oracle by using functions such as DBMS_XMLGEN or DBMS_XMLQUERY: the XWiki query validator does not sanitize functions that can be used in a simple select, and Hibernate allows any native function in an HQL query. This vulnerability is fixed in 16.10.2, 16.4.7, and 15.10.16.
CVE-2024-25308 | Code-projects | Simple School Management System | 2025-06-12 | N/A | 8.8 HIGH | Code-projects Simple School Management System 1.0 allows SQL injection via the 'name' parameter at School/teacher_login.php.
CVE-2024-24013 | Xxyopen | Novel-plus | 2025-06-12 | N/A | 9.8 CRITICAL | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list.
CVE-2024-24029 | Jfinalcms Project | Jfinalcms | 2025-06-12 | N/A | 9.8 CRITICAL | JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data.
CVE-2025-4541 | Lmxcms | Lmxcms | 2025-06-12 | N/A | 8.8 HIGH | A vulnerability classified as critical has been found in LmxCMS 1.41. Affected is the function manageZt of the file c\admin\ZtAction.class.php of the component POST Request Handler. Manipulation of the argument sortid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-25722 | Qanything | Qanything | 2025-06-11 | N/A | 9.8 CRITICAL | qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL injection.
CVE-2025-32466 | | | 2025-06-11 | N/A | N/A | A SQL injection vulnerability in the RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard.
CVE-2024-10009 | Melapress | Melapress File Monitor | 2025-06-11 | N/A | N/A | The Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.
CVE-2023-6030 | Deryckoe | Logdash Activity Log | 2025-06-11 | N/A | N/A | The LogDash Activity Log WordPress plugin before 1.1.4 hooks wp_login_failed (from src/Hooks/Users.php) to log failed login attempts to the database, but does not escape the username in the resulting SQL request, leading to a SQL injection vulnerability that an unauthenticated attacker can exploit with a time-based technique.
CVE-2023-48793 | Zohocorp | Manageengine Adaudit Plus | 2025-06-11 | N/A | 9.8 CRITICAL | Zoho ManageEngine ADAudit Plus through 7250 allows SQL injection in the aggregate report feature.
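To make the CVE-2024-1597 entry above concrete, the following is an added Python model of client-side parameter substitution of the kind a simple query mode must perform. It is not pgjdbc's code: the interpolation rules (bare numeric literals, single-quoted strings), the parenthesising guard, the sample query, the payload and the helper names are all assumptions constructed for this example. It shows why a numeric placeholder directly after a minus plus a string placeholder on the same line is enough, and why the default extended mode, which never renders parameters into the query text on the client, is not affected.

```python
"""Model of how client-side parameter substitution turns a negative numeric
parameter into a SQL line comment (the shape described for CVE-2024-1597).

Added illustration, not pgjdbc's code. The interpolation rules and the
parenthesising guard are assumptions made for this example, not the
driver's actual patch.
"""


def quote_string(value: str) -> str:
    """SQL string literal with embedded single quotes doubled."""
    return "'" + value.replace("'", "''") + "'"


def render_simple(sql: str, params: list, negative_guard: bool = False) -> str:
    """Substitute '?' placeholders client-side, as a simple query mode must.

    Numbers are emitted bare, so '-?' with the value -1 becomes '--1', which
    PostgreSQL reads as the start of a line comment. With negative_guard=True
    a negative number is wrapped in parentheses (assumed hardening for this
    example only).
    """
    parts = sql.split("?")
    if len(parts) - 1 != len(params):
        raise ValueError("placeholder/parameter count mismatch")
    out = [parts[0]]
    for param, tail in zip(params, parts[1:]):
        if isinstance(param, bool) or not isinstance(param, (int, float)):
            literal = quote_string(str(param))
        else:
            literal = str(param)
            if negative_guard and literal.startswith("-"):
                literal = "(" + literal + ")"
        out.append(literal)
        out.append(tail)
    return "".join(out)


def code_regions(sql: str) -> str:
    """Return the text a SQL parser treats as code: '--' line comments are
    dropped (the newline that ends them is kept) and string-literal bodies
    are emptied. Used to check whether attacker-supplied text ends up
    outside any string literal."""
    out = []
    i, n = 0, len(sql)
    while i < n:
        if sql.startswith("--", i):
            nl = sql.find("\n", i)
            i = n if nl == -1 else nl
            continue
        if sql[i] == "'":
            i += 1
            while i < n:
                if sql[i] == "'":
                    if i + 1 < n and sql[i + 1] == "'":
                        i += 2  # doubled quote inside the literal
                        continue
                    break
                i += 1
            out.append("''")
            i += 1
            continue
        out.append(sql[i])
        i += 1
    return "".join(out)


def injected(sql: str, params: list, negative_guard: bool = False,
             marker: str = "UNION") -> bool:
    """True if `marker` from the parameters lands in code context."""
    return marker in code_regions(render_simple(sql, params, negative_guard))


# Constructed sample query matching the advisory's shape: a numeric
# placeholder directly after '-' and a string placeholder on the same line.
QUERY = "SELECT id FROM orders WHERE amount = -? AND note = ?"
# Constructed payload: -1 yields '--', commenting out the rest of the line
# including the opening quote; the newline inside the string ends the
# comment, and the trailing '--' hides the closing quote.
PAYLOAD = [-1, "\nUNION SELECT password FROM users --"]
BENIGN = [5, "paid"]

if __name__ == "__main__":
    print(render_simple(QUERY, PAYLOAD))
    print(code_regions(render_simple(QUERY, PAYLOAD)))
    print("vulnerable:", injected(QUERY, PAYLOAD))
    print("guarded:", injected(QUERY, PAYLOAD, negative_guard=True))
```

Run as a script it prints the rendered statement, the part of it the server would actually parse, and the two verdicts: the naive rendering leaves UNION SELECT in code context, the guarded rendering keeps it inside the string literal. The same query with BENIGN parameters is never flagged, which is the point of the check: the query shape alone is harmless until a negative number meets a string payload.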