Total
14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-4782 | 1 Oretnom23 | 1 Stock Management System | 2025-05-23 | N/A | 8.8 HIGH |
A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /sms/admin/?page=receiving/view_receiving&id=1. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-48701 | | | 2025-05-23 | N/A | N/A |
openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not used. | |||||
CVE-2022-40093 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2025-05-22 | N/A | 7.2 HIGH |
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_tax.php. | |||||
CVE-2022-40092 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2025-05-22 | N/A | 7.2 HIGH |
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_payment.php. | |||||
CVE-2022-40091 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2025-05-22 | N/A | 7.2 HIGH |
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_packages.php. | |||||
CVE-2021-24786 | 1 Wpchill | 1 Download Monitor | 2025-05-22 | 6.5 MEDIUM | 7.2 HIGH |
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue. | |||||
CVE-2024-13955 | | | 2025-05-22 | N/A | N/A |
2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||
CVE-2024-12735 | 1 Niceit | 1 Advance Post Prefix | 2025-05-22 | N/A | N/A |
The Advance Post Prefix WordPress plugin through 1.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins and above to perform SQL injection attacks. | |||||
CVE-2020-26630 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-22 | N/A | 4.9 MEDIUM |
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin. | |||||
CVE-2022-40119 | 1 Online Banking System Project | 1 Online Banking System | 2025-05-22 | N/A | 9.8 CRITICAL |
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/transactions.php. | |||||
CVE-2022-40121 | 1 Online Banking System Project | 1 Online Banking System | 2025-05-22 | N/A | 9.8 CRITICAL |
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/manage_customers.php. | |||||
CVE-2022-40120 | 1 Online Banking System Project | 1 Online Banking System | 2025-05-22 | N/A | 9.8 CRITICAL |
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/customer_transactions.php. | |||||
CVE-2022-40122 | 1 Online Banking System Project | 1 Online Banking System | 2025-05-22 | N/A | 9.8 CRITICAL |
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer_action.php. | |||||
CVE-2022-40118 | 1 Online Banking System Project | 1 Online Banking System | 2025-05-22 | N/A | 9.8 CRITICAL |
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds_action.php. | |||||
CVE-2022-40117 | 1 Online Banking System Project | 1 Online Banking System | 2025-05-22 | N/A | 9.8 CRITICAL |
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_customer.php. | |||||
CVE-2022-40113 | 1 Online Banking System Project | 1 Online Banking System | 2025-05-22 | N/A | 9.8 CRITICAL |
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds.php. | |||||
CVE-2022-40352 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2025-05-22 | N/A | 7.2 HIGH |
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php. | |||||
CVE-2022-40353 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2025-05-22 | N/A | 7.2 HIGH |
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php. | |||||
CVE-2022-37209 | 1 Jflyfox | 1 Jfinal Cms | 2025-05-22 | N/A | 8.8 HIGH |
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | |||||
CVE-2022-31367 | 1 Strapi | 1 Strapi | 2025-05-22 | N/A | 8.8 HIGH |
Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses. |