Total
14581 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38148 | 1 Silverstripe | 1 Framework | 2025-04-30 | 8.8 High |
| Silverstripe silverstripe/framework through 4.11 allows SQL Injection. | ||||
| CVE-2021-38819 | 1 Simple Image Gallery Web App Project | 1 Simple Image Gallery Web App | 2025-04-30 | 8.8 High |
| A SQL injection vulnerability exits on the Simple Image Gallery System 1.0 application through "id" parameter on the album page. | ||||
| CVE-2025-32968 | 1 Xwiki | 1 Xwiki | 2025-04-30 | 8.8 High |
| XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This issue has been patched in versions 16.10.1, 16.4.6 and 15.10.16. There is no known workaround, other than upgrading XWiki. The protection added to this REST API is the same as the one used to validate complete select queries, making it more consistent. However, while the script API always had this protection for complete queries, it's important to note that it's a very strict protection and some valid, but complex, queries might suddenly require the author to have programming right. | ||||
| CVE-2025-4110 | 2025-04-30 | 6.3 Medium | ||
| A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-teacher.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2025-4111 | 2025-04-30 | 6.3 Medium | ||
| A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/visitor-details.php. The manipulation of the argument Status leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-32969 | 1 Xwiki | 1 Xwiki | 2025-04-30 | 9.8 Critical |
| XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend, including when "Prevent unregistered users from viewing pages, regardless of the page rights" and "Prevent unregistered users from editing pages, regardless of the page rights" options are enabled. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This issue has been patched in versions 16.10.1, 16.4.6 and 15.10.16. There is no known workaround, other than upgrading XWiki. | ||||
| CVE-2025-4112 | 2025-04-30 | 7.3 High | ||
| A vulnerability was found in PHPGurukul Student Record System 3.20. It has been declared as critical. This vulnerability affects unknown code of the file /add-course.php. The manipulation of the argument course-short leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4113 | 2025-04-30 | 6.3 Medium | ||
| A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit-pass-detail.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-45020 | 2025-04-30 | 7.2 High | ||
| A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter in a POST request. | ||||
| CVE-2025-46252 | 1 Kofimokome | 1 Message Filter For Contact Form 7 | 2025-04-30 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kofimokome Message Filter for Contact Form 7 allows SQL Injection. This issue affects Message Filter for Contact Form 7: from n/a through 1.6.3.2. | ||||
| CVE-2022-44378 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-30 | 7.2 High |
| Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/classes/Master.php?f=delete_mechanic. | ||||
| CVE-2022-44003 | 1 Backclick | 1 Backclick | 2025-04-30 | 9.8 Critical |
| An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations. | ||||
| CVE-2025-3341 | 1 Code-projects | 1 Online Restaurant Management System | 2025-04-30 | 7.3 High |
| A vulnerability, which was classified as critical, was found in codeprojects Online Restaurant Management System 1.0. This affects an unknown part of the file /admin/reservation_view.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3342 | 1 Code-projects | 1 Online Restaurant Management System | 2025-04-30 | 7.3 High |
| A vulnerability has been found in codeprojects Online Restaurant Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/payment_save.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3343 | 1 Code-projects | 1 Online Restaurant Management System | 2025-04-30 | 7.3 High |
| A vulnerability was found in codeprojects Online Restaurant Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/reservation_update.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3344 | 1 Code-projects | 1 Online Restaurant Management System | 2025-04-30 | 7.3 High |
| A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/assign_save.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3345 | 1 Code-projects | 1 Online Restaurant Management System | 2025-04-30 | 7.3 High |
| A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/combo.php. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-42245 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2025-04-29 | 9.8 Critical |
| Dreamer CMS 4.0.01 is vulnerable to SQL Injection. | ||||
| CVE-2025-4039 | 1 Phpgurukul | 1 Rail Pass Management System | 2025-04-29 | 7.3 High |
| A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/search-pass.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1200 | 1 Mayurik | 1 Best Church Management Software | 2025-04-29 | 6.3 Medium |
| A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/app/slider_crud.php. The manipulation of the argument del_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||