Total: 18861 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52664 | 2 Revive, Revive-adserver | 2 Adserver, Revive Adserver | 2025-12-01 | 8.8 High |
| SQL injection in Revive Adserver 6.0.0 causes potential disruption or information access when specifically crafted payloads are sent by logged-in users. | ||||
| CVE-2025-13581 | 2 Facebook-julykringcadayona, Itsourcecode | 2 Student Information System, Student Information Management System | 2025-12-01 | 6.3 Medium |
| A vulnerability was identified in itsourcecode Student Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /schedule_edit1.php. Such manipulation of the argument schedule_id leads to SQL injection. The attack may be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-13770 | 1 Uniong | 1 Webitr | 2025-12-01 | 6.5 Medium |
| WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||||
| CVE-2025-13769 | 1 Uniong | 1 Webitr | 2025-12-01 | 6.5 Medium |
| WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||||
| CVE-2025-61167 | 1 Sigb | 1 Pmb | 2025-12-01 | 6.5 Medium |
| SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component via the id and datas parameters. | ||||
| CVE-2024-13979 | 1 St. Joe Erp System Project | 1 St. Joe Erp System | 2025-11-28 | 9.8 Critical |
| A SQL injection vulnerability exists in the St. Joe ERP system ("圣乔ERP系统") that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into SQL queries, enabling direct manipulation of the backend database. Successful exploitation may result in unauthorized data access, modification of records, or limited disruption of service. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-04-14 UTC. | ||||
| CVE-2022-50589 | 2 Salesagility, Suitecrm | 2 Suitecrm, Suitecrm | 2025-11-28 | 9.8 Critical |
| SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code. | ||||
| CVE-2025-34245 | 1 Advantech | 2 Webaccess/vpn, Webaccess\/vpn | 2025-11-28 | 6.5 Medium |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | ||||
| CVE-2025-34247 | 1 Advantech | 2 Webaccess/vpn, Webaccess\/vpn | 2025-11-28 | 6.5 Medium |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | ||||
| CVE-2025-34246 | 1 Advantech | 2 Webaccess/vpn, Webaccess\/vpn | 2025-11-28 | 6.5 Medium |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | ||||
| CVE-2025-34244 | 1 Advantech | 2 Webaccess/vpn, Webaccess\/vpn | 2025-11-28 | 6.5 Medium |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | ||||
| CVE-2025-34243 | 1 Advantech | 2 Webaccess/vpn, Webaccess\/vpn | 2025-11-28 | 6.5 Medium |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | ||||
| CVE-2025-34242 | 1 Advantech | 2 Webaccess/vpn, Webaccess\/vpn | 2025-11-28 | 6.5 Medium |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | ||||
| CVE-2025-34241 | 1 Advantech | 2 Webaccess/vpn, Webaccess\/vpn | 2025-11-28 | 6.5 Medium |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | ||||
| CVE-2025-34240 | 1 Advantech | 2 Webaccess/vpn, Webaccess\/vpn | 2025-11-28 | 6.5 Medium |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | ||||
| CVE-2025-13561 | 2 Sourcecodester, Torrahclef | 2 Company Website Cms, Company Website Cms | 2025-11-26 | 7.3 High |
| A vulnerability was determined in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown code of the file /admin/index.php. This manipulation of the argument Username causes SQL injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-13560 | 2 Sourcecodester, Torrahclef | 2 Company Website Cms, Company Website Cms | 2025-11-26 | 7.3 High |
| A vulnerability was found in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file /admin/reset-password.php. The manipulation of the argument email results in SQL injection. The attack may be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-8121 | 2 Pad, Widzialni | 2 Pad Cms, Pad Cms | 2025-11-26 | 8.8 High |
| Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and the vendor will not publish patches for this vulnerability. | ||||
| CVE-2025-8122 | 2 Pad, Widzialni | 2 Pad Cms, Pad Cms | 2025-11-26 | 8.8 High |
| Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and the vendor will not publish patches for this vulnerability. | ||||
| CVE-2025-60797 | 2 Phppgadmin, Phppgadmin Project | 2 Phppgadmin, Phppgadmin | 2025-11-25 | 6.5 Medium |
| phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->conn->Execute($_REQUEST['query']). An authenticated attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or privilege escalation. | ||||