Total
18744 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28094 | 1 Schoolbox | 1 Schoolbox | 2025-02-05 | 8.8 High |
| Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection, enabling authenticated attackers to read, modify, and delete database records. | ||||
| CVE-2023-30076 | 1 Judging Management System Project | 1 Judging Management System | 2025-02-05 | 9.8 Critical |
| Sourcecodester Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/print_judges.php?print_judges.php=&se_name=&sub_event_id=. | ||||
| CVE-2023-2149 | 1 Online Thesis Archiving System Project | 1 Online Thesis Archiving System | 2025-02-05 | 6.3 Medium |
| A vulnerability classified as critical was found in Campcodes Online Thesis Archiving System 1.0. This vulnerability affects unknown code of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226270 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-26865 | 1 Brandsdistribution | 1 Bdroppy | 2025-02-05 | 9.8 Critical |
| SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and before allowing a remote attacker to gain privileges via the BdroppyCronModuleFrontController::importProducts component. | ||||
| CVE-2024-6007 | 1 Netentsec | 1 Application Security Gateway | 2025-02-05 | 6.3 Medium |
| A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /protocol/iscgwtunnel/deleteiscgwrouteconf.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268695. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-30556 | 1 Archerydms | 1 Archery | 2025-02-05 | 6.5 Medium |
| Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `optimize_sqltuningadvisor` method of `sql_optimize.py`. User input coming from the `db_name` parameter value in `sql_optimize.py` is passed to the `sqltuningadvisor` method in `oracle.py` for execution. To mitigate, escape the variables accepted via user input when used in `sql_optimize.py`. Users may also use prepared statements when dealing with SQL as a mitigation for this issue. This issue is also indexed as `GHSL-2022-107`. | ||||
| CVE-2024-2329 | 1 Netentsec | 1 Application Security Gateway | 2025-02-05 | 6.3 Medium |
| A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_resource_icon.php?action=delete. The manipulation of the argument IconId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2330 | 1 Netentsec | 1 Application Security Gateway | 2025-02-05 | 6.3 Medium |
| A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256281 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2212 | 1 Coffee Shop Pos System Project | 1 Coffee Shop Pos System | 2025-02-04 | 6.3 Medium |
| A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226977 was assigned to this vulnerability. | ||||
| CVE-2023-2217 | 1 Task Reminder System Project | 1 Task Reminder System | 2025-02-04 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in SourceCodester Task Reminder System 1.0. This affects an unknown part of the file /admin/reminders/manage_reminder.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226983. | ||||
| CVE-2024-30491 | 1 Metagauss | 1 Profilegrid | 2025-02-04 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8. | ||||
| CVE-2024-30490 | 1 Metagauss | 1 Profilegrid | 2025-02-04 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8. | ||||
| CVE-2024-30241 | 1 Metagauss | 1 Profilegrid | 2025-02-04 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.1. | ||||
| CVE-2023-2114 | 1 Basixonline | 1 Nex-forms | 2025-02-04 | 7.2 High |
| The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query. | ||||
| CVE-2023-0388 | 1 Random Text Project | 1 Random Text | 2025-02-04 | 8.8 High |
| The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as a subscriber. | ||||
| CVE-2025-0846 | 1 1000projects | 1 Employee Task Management System | 2025-02-04 | 7.3 High |
| A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/AdminLogin.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0847 | 1 1000projects | 1 Employee Task Management System | 2025-02-04 | 7.3 High |
| A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /index.php of the component Login. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-29849 | 1 Hockeycomputindo | 1 Bang Resto | 2025-02-04 | 8.8 High |
| Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter. | ||||
| CVE-2024-55593 | 1 Fortinet | 1 Fortiweb | 2025-02-03 | 2.6 Low |
| An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows an attacker to gain information disclosure via crafted SQL queries. | ||||
| CVE-2024-52969 | 1 Fortinet | 1 Fortisiem | 2025-02-03 | 3.7 Low |
| An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM version 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests. | ||||