Total
14581 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-2890 | | | 2025-04-30 | 6.5 Medium |
The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘subscriptionCouponId’ parameter in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
CVE-2025-4108 | | | 2025-04-30 | 7.3 High |
A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /add-subject.php. The manipulation of the argument sub1 leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-4109 | | | 2025-04-30 | 6.3 Medium |
A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-subadmin.php. The manipulation of the argument mobilenumber leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
CVE-2024-44739 | 2 Oretnom23, Sourcecodester | 2 Simple Forum Website, Simple Forum Website | 2025-04-30 | 8.8 High |
Sourcecodester Simple Forum Website v1.0 has a SQL injection vulnerability in /php-sqlite-forum/?page=manage_user&id=. | ||||
CVE-2024-25239 | 2 Sourcecodester, Walterjnr1 | 2 Employee Management System, Employee Management System | 2025-04-30 | 9.8 Critical |
SQL Injection vulnerability in Sourcecodester Employee Management System v1.0 allows attackers to run arbitrary SQL commands via crafted POST request to /emloyee_akpoly/Account/login.php. | ||||
CVE-2025-45021 | | | 2025-04-30 | 5.3 Medium |
A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Attackers can exploit this vulnerability via the email parameter in a POST request to execute arbitrary SQL commands. | ||||
CVE-2022-43256 | 1 Seacms | 1 Seacms | 2025-04-30 | 9.8 Critical |
SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php. | ||||
CVE-2022-43135 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-04-30 | 9.8 Critical |
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /diagnostic/login.php. | ||||
CVE-2022-38148 | 1 Silverstripe | 1 Framework | 2025-04-30 | 8.8 High |
Silverstripe silverstripe/framework through 4.11 allows SQL Injection. | ||||
CVE-2021-38819 | 1 Simple Image Gallery Web App Project | 1 Simple Image Gallery Web App | 2025-04-30 | 8.8 High |
A SQL injection vulnerability exists in the Simple Image Gallery System 1.0 application through the "id" parameter on the album page. | ||||
CVE-2025-32968 | 1 Xwiki | 1 Xwiki | 2025-04-30 | 8.8 High |
XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This issue has been patched in versions 16.10.1, 16.4.6 and 15.10.16. There is no known workaround, other than upgrading XWiki. The protection added to this REST API is the same as the one used to validate complete select queries, making it more consistent. However, while the script API always had this protection for complete queries, it's important to note that it's a very strict protection and some valid, but complex, queries might suddenly require the author to have programming right. | ||||
CVE-2025-4110 | | | 2025-04-30 | 6.3 Medium |
A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-teacher.php. The manipulation of the argument mobilenumber leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
CVE-2025-4111 | | | 2025-04-30 | 6.3 Medium |
A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/visitor-details.php. The manipulation of the argument Status leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-32969 | 1 Xwiki | 1 Xwiki | 2025-04-30 | 9.8 Critical |
XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend, including when "Prevent unregistered users from viewing pages, regardless of the page rights" and "Prevent unregistered users from editing pages, regardless of the page rights" options are enabled. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This issue has been patched in versions 16.10.1, 16.4.6 and 15.10.16. There is no known workaround, other than upgrading XWiki. | ||||
CVE-2025-4112 | | | 2025-04-30 | 7.3 High |
A vulnerability was found in PHPGurukul Student Record System 3.20. It has been declared as critical. This vulnerability affects unknown code of the file /add-course.php. The manipulation of the argument course-short leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-4113 | | | 2025-04-30 | 6.3 Medium |
A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit-pass-detail.php. The manipulation of the argument editid leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-45020 | | | 2025-04-30 | 7.2 High |
A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter in a POST request. | ||||
CVE-2025-46252 | 1 Kofimokome | 1 Message Filter For Contact Form 7 | 2025-04-30 | 7.6 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kofimokome Message Filter for Contact Form 7 allows SQL Injection. This issue affects Message Filter for Contact Form 7: from n/a through 1.6.3.2. | ||||
CVE-2022-44378 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-30 | 7.2 High |
Automotive Shop Management System v1.0 is vulnerable to SQL injection via /asms/classes/Master.php?f=delete_mechanic. | ||||
CVE-2022-44003 | 1 Backclick | 1 Backclick | 2025-04-30 | 9.8 Critical |
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations. |