Total
14138 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24221 | 1 Luckyframe | 1 Luckyframeweb | 2025-03-18 | 9.8 Critical |
| LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml. | ||||
| CVE-2023-24220 | 1 Luckyframe | 1 Luckyframeweb | 2025-03-18 | 9.8 Critical |
| LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml. | ||||
| CVE-2023-24219 | 1 Luckyframe | 1 Luckyframeweb | 2025-03-18 | 9.8 Critical |
| LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml. | ||||
| CVE-2023-23279 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-03-18 | 9.8 Critical |
| Canteen Management System 1.0 is vulnerable to SQL Injection via /php_action/getOrderReport.php. | ||||
| CVE-2024-12245 | 2025-03-18 | N/A | ||
| Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain database tables. | ||||
| CVE-2024-54447 | 2025-03-18 | N/A | ||
| Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain database tables. | ||||
| CVE-2025-2391 | 2025-03-18 | 7.3 High | ||
| A vulnerability classified as critical was found in code-projects Blood Bank Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_login.php of the component Admin Login Page. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2392 | 2025-03-18 | 4.7 Medium | ||
| A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0. This issue affects some unknown processing of the file /pages/activate.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2200 | 2025-03-18 | N/A | ||
| SQL injection vulnerability in the IcProgreso Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query on the parameters user, id, idGroup, start_date and end_date in the endpoint /report/icprogreso/generar_blocks.php. | ||||
| CVE-2025-25914 | 2025-03-18 | 9.8 Critical | ||
| SQL injection vulnerability in Online Exam Mastering System v.1.0 allows a remote attacker to execute arbitrary code via the fid parameter | ||||
| CVE-2023-23007 | 1 Ecisp | 1 Espcms | 2025-03-18 | 7.2 High |
| An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added. | ||||
| CVE-2022-40347 | 1 Intern Record System Project | 1 Intern Record System | 2025-03-18 | 9.8 Critical |
| SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information. | ||||
| CVE-2022-40032 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2025-03-18 | 9.8 Critical |
| SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information. | ||||
| CVE-2025-26976 | 2025-03-18 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.4. | ||||
| CVE-2024-0709 | 1 Coolplugins | 1 Cryptocurrency Widgets | 2025-03-18 | 9.8 Critical |
| The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-2393 | 2025-03-18 | 4.7 Medium | ||
| A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/salut_del.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2390 | 2025-03-18 | 6.3 Medium | ||
| A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the file /user_dashboard/add_donor.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-54929 | 1 Lopalopa | 1 E-learning Management System | 2025-03-18 | 7.2 High |
| KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php. | ||||
| CVE-2024-46535 | 1 Jepass | 1 Jepass | 2025-03-18 | 9.8 Critical |
| Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg. | ||||
| CVE-2012-5853 | 1 Vinojcardoza | 1 Ajax Post Search | 2025-03-18 | N/A |
| SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php. | ||||