Total
18781 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40032 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2025-03-18 | 9.8 Critical |
| SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information. | ||||
| CVE-2024-0709 | 1 Coolplugins | 1 Cryptocurrency Widgets | 2025-03-18 | 9.8 Critical |
| The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-54929 | 1 Lopalopa | 1 E-learning Management System | 2025-03-18 | 7.2 High |
| KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php. | ||||
| CVE-2024-25896 | 1 Churchcrm | 1 Churchcrm | 2025-03-17 | 5.3 Medium |
| ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EID POST parameter. | ||||
| CVE-2024-25894 | 1 Churchcrm | 1 Churchcrm | 2025-03-17 | 9.8 Critical |
| ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EventCount POST parameter. | ||||
| CVE-2024-25893 | 1 Churchcrm | 1 Churchcrm | 2025-03-17 | 9.1 Critical |
| ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter. | ||||
| CVE-2024-25892 | 1 Churchcrm | 1 Churchcrm | 2025-03-17 | 8.1 High |
| ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection (Time-based) via the familyId GET parameter. | ||||
| CVE-2023-26093 | 1 Puzzle | 1 Liima | 2025-03-17 | 9.8 Critical |
| Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter. | ||||
| CVE-2024-25891 | 1 Churchcrm | 1 Churchcrm | 2025-03-17 | 7.5 High |
| ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter. | ||||
| CVE-2022-45564 | 1 Znfit | 1 Home Improvement Erp Management System | 2025-03-17 | 9.8 Critical |
| SQL Injection vulnerability in znfit Home improvement ERP management system V50_20220207,v42 allows attackers to execute arbitrary sql commands via the userCode parameter to the wechat applet. | ||||
| CVE-2024-10153 | 1 Phpgurukul | 1 Boat Booking System | 2025-03-16 | 6.3 Medium |
| A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument bookingdatefrom/nopeople leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-22280 | 1 Vmware | 2 Aria Automation, Cloud Foundation | 2025-03-14 | 8.5 High |
| VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database. | ||||
| CVE-2022-45677 | 1 Tuition Management System Project | 1 Tuition Management System | 2025-03-14 | 9.8 Critical |
| SQL Injection Vulnerability in tanujpatra228 Tution Management System (TMS) via the email parameter to processes/student_login.process.php. | ||||
| CVE-2024-57034 | 1 Wegia | 1 Wegia | 2025-03-14 | 9.8 Critical |
| WeGIA < 3.2.0 is vulnerable to SQL Injection in query_geracao_auto.php via the query parameter. | ||||
| CVE-2025-25513 | 1 Seacms | 1 Seacms | 2025-03-14 | 9.8 Critical |
| Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php. | ||||
| CVE-2024-34458 | 1 Keyfactor | 1 Command | 2025-03-14 | 7.5 High |
| Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in information disclosure. | ||||
| CVE-2024-22923 | 1 Advradius | 1 Adv Radius | 2025-03-13 | 9.8 Critical |
| SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script. | ||||
| CVE-2024-25216 | 1 Sherlock | 1 Employee Management System | 2025-03-13 | 9.8 Critical |
| Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php. | ||||
| CVE-2024-24101 | 1 Code-projects | 1 Scholars Tracking System | 2025-03-13 | 5.1 Medium |
| Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Information Update. | ||||
| CVE-2025-2088 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2025-03-13 | 7.3 High |
| A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System up to 1.0. Affected is an unknown function of the file /admin/profile.php. The manipulation of the argument fullname/emailid/mobileNumber leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||