Total
15730 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-40043 | 1 Centreon | 1 Centreon | 2025-05-21 | 8.8 High |
Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. | ||||
CVE-2024-13726 | 1 Themescoder | 1 Themes Coder | 2025-05-21 | 8.6 High |
The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | ||||
CVE-2022-40877 | 1 Exam Reviewer Management System Project | 1 Exam Reviewer Management System | 2025-05-21 | 9.8 Critical |
Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter. | ||||
CVE-2022-40354 | 1 Online Tours \& Travels Management System Project | 1 Online Tours \& Travels Management System | 2025-05-21 | 7.2 High |
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php. | ||||
CVE-2022-3323 | 1 Advantech | 1 Iview | 2025-05-21 | 7.5 High |
An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password. | ||||
CVE-2021-41433 | 1 Resumes Management And Job Application Website Application Project | 1 Resumes Management And Job Application Website Application | 2025-05-21 | 9.8 Critical |
SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php. | ||||
CVE-2022-28813 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2025-05-21 | 7.5 High |
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary database with the current states of the device. | ||||
CVE-2022-22524 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2025-05-21 | 9.4 Critical |
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services . | ||||
CVE-2025-4773 | 1 Phpgurukul | 1 Online Course Registration | 2025-05-21 | 7.3 High |
A vulnerability was found in PHPGurukul Online Course Registration 3.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/level.php. The manipulation of the argument level leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-4777 | 1 Phpgurukul | 1 Park Ticketing Management System | 2025-05-21 | 6.3 Medium |
A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been classified as critical. This affects an unknown part of the file /view-foreigner-ticket.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2023-48395 | 1 Kaifa | 1 Webitr Attendance System | 2025-05-21 | 6.5 Medium |
Kaifa Technology WebITR is an online attendance system, it has insufficient validation for user input within a special function. A remote attacker with regular user privilege can exploit this vulnerability to inject arbitrary SQL commands to read database. | ||||
CVE-2025-39481 | 1 Imithemes | 1 Eventer | 2025-05-21 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in imithemes Eventer allows Blind SQL Injection. This issue affects Eventer: from n/a through 3.9.6. | ||||
CVE-2025-4771 | 1 Phpgurukul | 1 Online Course Registration | 2025-05-21 | 7.3 High |
A vulnerability, which was classified as critical, was found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/course.php. The manipulation of the argument coursecode leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2023-45115 | 1 Projectworlds | 1 Online Examination System | 2025-05-21 | 8.8 High |
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the /update.php?q=addqns resource does not validate the characters received and they are sent unfiltered to the database. | ||||
CVE-2025-4911 | 1 Phpgurukul | 1 Zoo Management System | 2025-05-21 | 7.3 High |
A vulnerability, which was classified as critical, was found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/view-foreigner-ticket.php. The manipulation of the argument viewid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-4925 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2025-05-21 | 7.3 High |
A vulnerability has been found in PHPGurukul Daily Expense Tracker System 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /expense-monthwise-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-4927 | 1 Phpgurukul | 1 Online Marriage Registration System | 2025-05-21 | 7.3 High |
A vulnerability was found in PHPGurukul Online Marriage Registration System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/between-dates-application-report.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2022-28815 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2025-05-20 | 2.7 Low |
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service. | ||||
CVE-2022-41440 | 1 Billing System Project Project | 1 Billing System Project | 2025-05-20 | 7.2 High |
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php. | ||||
CVE-2022-41439 | 1 Billing System Project Project | 1 Billing System Project | 2025-05-20 | 7.2 High |
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php. |