Total
14138 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1702 | 2025-03-05 | 7.5 High | ||
| The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 2.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-12097 | 2025-03-05 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection.This issue affects E-Travel: before 15.12.2024. | ||||
| CVE-2024-50706 | 2025-03-04 | 9.8 Critical | ||
| Unauthenticated SQL injection vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary SQL queries on the backend database. | ||||
| CVE-2025-1954 | 2025-03-04 | 7.3 High | ||
| A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-1050 | 1 Askoc | 1 Web Report System | 2025-03-04 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in As Koc Energy Web Report System allows SQL Injection.This issue affects Web Report System: before 23.03.10. | ||||
| CVE-2025-1952 | 2025-03-04 | 7.3 High | ||
| A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/password-recovery.php. The manipulation of the argument username/mobileno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-3698 | 1 Campcodes | 1 House Rental Management System | 2025-03-04 | 6.3 Medium |
| A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_payment.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260485 was assigned to this vulnerability. | ||||
| CVE-2024-3696 | 1 Campcodes | 1 House Rental Management System | 2025-03-04 | 6.3 Medium |
| A vulnerability was found in Campcodes House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260483. | ||||
| CVE-2024-3697 | 1 Campcodes | 1 House Rental Management System | 2025-03-04 | 6.3 Medium |
| A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_tenant.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260484. | ||||
| CVE-2023-7100 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2025-03-04 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/bwdates-report-details.php. The manipulation of the argument fdate/tdate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-3694 | 1 Sourcecodester House Rental And Property Listing Project | 1 House Rental And Property Listing | 2025-03-04 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester/projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /index.php. The manipulation of the argument keywords/location leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-5314 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-03-04 | 9.1 Critical |
| Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder y sortfield in /dolibarr/admin/dict.php. | ||||
| CVE-2024-5315 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-03-04 | 9.1 Critical |
| Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters viewstatut in /dolibarr/commande/list.php. | ||||
| CVE-2025-1321 | 2025-03-04 | 6.5 Medium | ||
| The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-9149 | 2025-03-04 | 8.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wind Media E-Commerce Website Template allows SQL Injection.This issue affects E-Commerce Website Template: before v1.5. | ||||
| CVE-2025-1906 | 2025-03-04 | 4.7 Medium | ||
| A vulnerability has been found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2023-26922 | 1 Variscite | 1 Matrix-gui | 2025-03-04 | 9.8 Critical |
| SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a remote attacker to execute arbitrary code via the shell_exect parameter to the \www\pages\matrix-gui-2.0 endpoint. | ||||
| CVE-2025-22211 | 2025-03-04 | 3.4 Low | ||
| A SQL injection vulnerability in the JoomShopping component versions 1.0.0-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the country management area in backend. | ||||
| CVE-2025-1812 | 2025-03-03 | 6.3 Medium | ||
| A vulnerability classified as critical has been found in zj1983 zz up to 2024-08. Affected is the function GetUserOrg of the file com/futvan/z/framework/core/SuperZ.java. The manipulation of the argument userId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1811 | 2025-03-03 | 7.3 High | ||
| A vulnerability was found in AT Software Solutions ATSVD up to 3.4.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.aspx of the component Login Endpoint. The manipulation of the argument txtUsuario leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.4.2 is able to address this issue. It is recommended to upgrade the affected component. | ||||