Total
15140 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-3662 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 8.8 High |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend. | ||||
| CVE-2010-10009 | 1 Ptome Project | 1 Ptome | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in frioux ptome. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named 26829bba67858ca0bd4ce49ad50e7ce653914276. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218519. | ||||
| CVE-2010-10007 | 1 Click-reminder Project | 1 Click-reminder | 2024-11-21 | 5.5 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to sql injection. The identifier of the patch is 41213b660e8eb01b22c8074f06208f59a73ca8dc. It is recommended to apply a patch to fix this issue. The identifier VDB-218465 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2009-4899 | 1 Pixelpost | 1 Pixelpost | 2024-11-21 | 9.8 Critical |
| pixelpost 1.7.1 has SQL injection | ||||
| CVE-2008-10004 | 1 Email Registration Project | 1 Email Registration | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in Email Registration 5.x-2.1 on Drupal. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The patch is identified as 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 is the identifier assigned to this vulnerability. | ||||
| CVE-2008-10003 | 1 Flashgames Project | 1 Flashgames | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sql injection. It is possible to launch the attack remotely. The name of the patch is 6e57683704885be32eea2ea614f80c9bb8f012c5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222288. | ||||
| CVE-2007-10003 | 1 Wp-plugins | 1 The Hackers Diet | 2024-11-21 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajax_blurb.php of the component HTTP POST Request Handler. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. Upgrading to version 0.9.7b is able to address this issue. The patch is named 7dd8acf7cd8442609840037121074425d363b694. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-243803. | ||||
| CVE-2005-4891 | 1 Simplemachines | 1 Simple Machine Forum | 2024-11-21 | 9.8 Critical |
| Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements. | ||||
| CVE-2024-52435 | 1 Wpdownloadmanager | 1 Premium Packages - Sell Digital Products Securely | 2024-11-20 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in W3 Eden, Inc. Premium Packages allows SQL Injection.This issue affects Premium Packages: from n/a through 5.9.3. | ||||
| CVE-2024-11241 | 2 Anisha, Code-projects | 2 Job Recruitment, Job Recruitment | 2024-11-20 | 7.3 High |
| A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file reset.php. The manipulation of the argument e leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-40638 | 1 Glpi-project | 1 Glpi | 2024-11-20 | 8.1 High |
| GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take control of it. Upgrade to 10.0.17. | ||||
| CVE-2024-52431 | 1 Pressaholic | 1 Wordpress Video Robot | 2024-11-20 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0. | ||||
| CVE-2024-52436 | 1 Wpexperts | 1 Post Smtp | 2024-11-20 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Post SMTP allows Blind SQL Injection.This issue affects Post SMTP: from n/a through 2.9.9. | ||||
| CVE-2024-41679 | 1 Glpi-project | 1 Glpi | 2024-11-20 | 6.5 Medium |
| GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17. | ||||
| CVE-2024-45608 | 1 Glpi-project | 1 Glpi | 2024-11-20 | 6.5 Medium |
| GLPI is a free asset and IT management software package. An authenticated user can perfom a SQL injection by changing its preferences. Upgrade to 10.0.17. | ||||
| CVE-2024-11244 | 2 Anisha, Code-projects | 2 Farmacia, Farmacia | 2024-11-20 | 6.3 Medium |
| A vulnerability classified as critical was found in code-projects Farmacia 1.0. This vulnerability affects unknown code of the file /editar-cliente.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11245 | 1 Anisha | 1 Farmacia | 2024-11-20 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /editar-produto.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11256 | 1 1000projects | 1 Portfolio Management System Mca | 2024-11-19 | 7.3 High |
| A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11257 | 1 1000projects | 1 Beauty Parlour Management System | 2024-11-19 | 7.3 High |
| A vulnerability classified as critical has been found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11258 | 1 1000projects | 1 Beauty Parlour Management System | 2024-11-19 | 7.3 High |
| A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||