Total
18727 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1981 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2025-01-16 | 9.8 Critical |
| The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-25833 | 1 F-logic | 1 Datacube3 | 2025-01-16 | 9.8 Critical |
| F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database. | ||||
| CVE-2023-2750 | 1 Cityboss | 1 E-municipality | 2025-01-16 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cityboss E-municipality allows SQL Injection.This issue affects E-municipality: before 6.05. | ||||
| CVE-2023-2064 | 1 Minovateknoloji | 1 Etrace | 2025-01-16 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Minova Technology eTrace allows SQL Injection.This issue affects eTrace: before 23.05.20. | ||||
| CVE-2023-2045 | 1 Ipekyolunet | 1 Software Auto Damage Tracking Software | 2025-01-16 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ipekyolu Software Auto Damage Tracking Software allows SQL Injection.This issue affects Auto Damage Tracking Software: before 4. | ||||
| CVE-2023-33280 | 1 Storecommander | 1 Quickaccounting | 2025-01-16 | 9.8 Critical |
| In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. | ||||
| CVE-2023-33279 | 1 Scfixmyprestashop Project | 1 Scfixmyprestashop | 2025-01-16 | 9.8 Critical |
| In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. | ||||
| CVE-2023-33278 | 1 Storecommander | 1 Customers Export | 2025-01-16 | 9.8 Critical |
| In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. | ||||
| CVE-2024-3148 | 1 Dedecms | 1 Dedecms | 2025-01-15 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in DedeCMS 5.7.112. This issue affects some unknown processing of the file dede/makehtml_archives_action.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258923. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2015-9452 | 1 Basixonline | 1 Nex-forms | 2025-01-15 | 9.8 Critical |
| The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter. | ||||
| CVE-2021-44092 | 1 Code-projects | 1 Pharmacy Management | 2025-01-15 | 9.8 Critical |
| An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username parameter in the administer login form. | ||||
| CVE-2023-33677 | 1 Oretnom23 | 1 Lost And Found Information System | 2025-01-15 | 7.5 High |
| Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*". | ||||
| CVE-2023-33439 | 1 Faculty Evaluation System Project | 1 Faculty Evaluation System | 2025-01-14 | 7.2 High |
| Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=. | ||||
| CVE-2023-38724 | 1 Ibm | 1 Cognos Controller | 2025-01-14 | 6.3 Medium |
| IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 262183. | ||||
| CVE-2021-43926 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 4.7 Medium |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | ||||
| CVE-2021-43927 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 4.7 Medium |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | ||||
| CVE-2021-43925 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 4.7 Medium |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | ||||
| CVE-2022-24628 | 1 Audiocodes | 1 Device Manager Express | 2025-01-14 | 7.2 High |
| An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php. | ||||
| CVE-2022-24627 | 1 Audiocodes | 1 Device Manager Express | 2025-01-14 | 9.8 Critical |
| An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form. | ||||
| CVE-2021-4336 | 1 Itrsgroup | 1 Ninja | 2025-01-13 | 5.5 Medium |
| A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file modules/reports/models/scheduled_reports.php. The manipulation leads to sql injection. Upgrading to version 2021.11.30 is able to address this issue. The name of the patch is 6da9080faec9bca1ca5342386c0421dca0a6c0cc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230084. | ||||