Total
16372 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26627 | 1 Phpgurukul | 1 Hospital Management System | 2025-06-03 | 4.9 Medium |
| A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab. | ||||
| CVE-2020-26623 | 1 Gilacms | 1 Gila Cms | 2025-06-03 | 3.8 Low |
| SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal. | ||||
| CVE-2024-29320 | 1 Wallosapp | 1 Wallos | 2025-06-03 | 8.1 High |
| Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php. | ||||
| CVE-2024-0182 | 1 Janobe | 1 Engineers Online Portal | 2025-06-03 | 7.3 High |
| A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-249440. | ||||
| CVE-2023-50743 | 1 Kashipara | 1 Online Notice Board System | 2025-06-03 | 9.8 Critical |
| Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-50753 | 1 Kashipara | 1 Online Notice Board System | 2025-06-03 | 9.8 Critical |
| Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-50866 | 1 Kashipara | 1 Travel Website | 2025-06-03 | 9.8 Critical |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2024-0273 | 1 Kashipara | 1 Food Management System | 2025-06-03 | 6.3 Medium |
| A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as critical. Affected is an unknown function of the file addwaste_entry.php. The manipulation of the argument item_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249828. | ||||
| CVE-2024-0274 | 1 Kashipara | 1 Food Management System | 2025-06-03 | 6.3 Medium |
| A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file billAjax.php. The manipulation of the argument item_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249829 was assigned to this vulnerability. | ||||
| CVE-2024-0280 | 1 Kashipara | 1 Food Management System | 2025-06-03 | 6.3 Medium |
| A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file item_type_submit.php. The manipulation of the argument type_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249835. | ||||
| CVE-2020-16165 | 1 Bladex | 1 Springblade | 2025-06-03 | 9.8 Critical |
| The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters. | ||||
| CVE-2024-33332 | 2 Bladex, Smallchill | 2 Springblade, Springblade | 2025-06-03 | 7.5 High |
| An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant. | ||||
| CVE-2024-0364 | 1 Phpgurukul | 1 Hospital Management System | 2025-06-03 | 5.5 Medium |
| A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250131. | ||||
| CVE-2023-47460 | 1 Knovos | 1 Discovery | 2025-06-03 | 8.8 High |
| SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component. | ||||
| CVE-2023-30015 | 1 Oretnom23 | 1 Judging Management System | 2025-06-03 | 9.8 Critical |
| SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in review_search.php. | ||||
| CVE-2023-30014 | 1 Oretnom23 | 1 Judging Management System | 2025-06-03 | 9.8 Critical |
| SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_stat_update.php. | ||||
| CVE-2024-35056 | 1 Nasa | 1 Ait Core | 2025-06-03 | 9.8 Critical |
| NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions. | ||||
| CVE-2023-3377 | 1 Veribase | 1 Veribase | 2025-06-03 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veribilim Software Computer Veribase allows SQL Injection.This issue affects Veribase: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6276 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2025-06-03 | 6.3 Medium |
| A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246105 was assigned to this vulnerability. | ||||
| CVE-2024-0460 | 1 Carmelogarcia | 1 Faculty Management System | 2025-06-03 | 6.3 Medium |
| A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250565 was assigned to this vulnerability. | ||||