Total
18775 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0842 | 1 Needyamin | 1 Library Card System | 2025-02-25 | 7.3 High |
| A vulnerability was found in needyamin Library Card System 1.0 and classified as critical. This issue affects some unknown processing of the file admin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0880 | 1 Codezips | 1 Gym Management System | 2025-02-25 | 6.3 Medium |
| A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/updateplan.php. The manipulation of the argument planid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1183 | 1 Codezips | 1 Gym Management System | 2025-02-25 | 6.3 Medium |
| A vulnerability has been found in CodeZips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/admin/more-userprofile.php. The manipulation of the argument login_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-28660 | 1 E-dynamics | 1 Events Made Easy | 2025-02-25 | 8.8 High |
| The Events Made Easy WordPress Plugin, version <= 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'search_name' parameter in the eme_recurrences_list action. | ||||
| CVE-2023-28661 | 1 Accesspressthemes | 1 Wp Popup Banners | 2025-02-25 | 8.8 High |
| The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action. | ||||
| CVE-2024-25928 | 1 Sitepact | 1 Contact Form 7 Extension For Klaviyo | 2025-02-25 | 7.1 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sitepact.This issue affects Sitepact: from n/a through 1.0.5. | ||||
| CVE-2023-24788 | 1 Notrinos | 1 Notrinoserp | 2025-02-25 | 8.8 High |
| NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php. | ||||
| CVE-2023-27034 | 1 Joommasters | 1 Jms Blog | 2025-02-25 | 9.8 Critical |
| PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability. | ||||
| CVE-2023-28108 | 1 Pimcore | 1 Pimcore | 2025-02-25 | 7.9 High |
| Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in UUID DAO model. There is the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the DAO class. Users should update to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually. | ||||
| CVE-2023-28438 | 1 Pimcore | 1 Pimcore | 2025-02-25 | 6.2 Medium |
| Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually. | ||||
| CVE-2025-1640 | 2025-02-25 | 7.3 High | ||
| A vulnerability was found in Benner ModernaNet up to 1.1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /Home/JS_CarregaCombo?formName=DADOS_PESSOAIS_PLANO&additionalCondition=&insideParameters=&elementToReturn=DADOS_PESSOAIS_PLANO&ordenarPelaDescricao=true&direcaoOrdenacao=asc&_=1739290047295. The manipulation leads to sql injection. The attack may be launched remotely. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2025-1641 | 2025-02-25 | 7.3 High | ||
| A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been classified as critical. This affects an unknown part of the file /AGE0000700/GetHorariosDoDia?idespec=0&idproced=1103&data=2025-02-25+19%3A25&agserv=0&convenio=1&localatend=1&idplano=5&pesfis=01&idprofissional=0&target=.horarios--dia--d0&_=1739371223797. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2025-1356 | 1 Needyamin | 1 Library Card System | 2025-02-25 | 6.3 Medium |
| A vulnerability was found in needyamin Library Card System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file card.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-13846 | 1 Wpindeed | 1 Ultimate Learning Pro | 2025-02-25 | 4.9 Medium |
| The Indeed Ultimate Learning Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘post_id’ parameter in all versions up to, and including, 3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-27133 | 2025-02-24 | N/A | ||
| WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was discovered in the WeGIA application prior to version 3.2.15 at the `adicionar_tipo_exame.php` endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. Version 3.2.15 contains a patch for the issue. | ||||
| CVE-2023-44047 | 1 Oretnom23 | 1 Toll Tax Management System | 2025-02-24 | 7.2 High |
| Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Injection. | ||||
| CVE-2022-26283 | 1 Oretnom23 | 1 Simple Subscription Website | 2025-02-24 | 9.8 Critical |
| Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. | ||||
| CVE-2021-43140 | 1 Oretnom23 | 1 Simple Subscription Website | 2025-02-24 | 9.8 Critical |
| SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login. | ||||
| CVE-2022-34067 | 1 Oretnom23 | 1 Warehouse Management System | 2025-02-24 | 7.5 High |
| Warehouse Management System v1.0 was discovered to contain a SQL injection vulnerability via the cari parameter. | ||||
| CVE-2022-30053 | 1 Oretnom23 | 1 Toll Tax Management System | 2025-02-24 | 9.8 Critical |
| In Toll Tax Management System 1.0, the id parameter appears to be vulnerable to SQL injection attacks. | ||||