Total: 14138 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-2332 | 1 Oretnom23 | 1 Online Mobile Store Management System | 2025-02-18 | 6.3 Medium |
A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256283. | ||||
CVE-2022-38922 | 1 Iss-oberlausitz | 1 Bluepage Cms | 2025-02-18 | 9.8 Critical |
BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload. | ||||
CVE-2024-2168 | 1 Mayurik | 1 Online Tours & Travels Management System | 2025-02-18 | 4.7 Medium |
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/operations/expense_category.php of the component HTTP POST Request Handler. The manipulation of the argument status leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255678 is the identifier assigned to this vulnerability. | ||||
CVE-2025-22290 | | | 2025-02-18 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition allows SQL Injection. This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through 2.3.11. | ||||
CVE-2025-1389 | | | 2025-02-18 | 8.8 High |
Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
CVE-2025-25221 | | | 2025-02-18 | N/A |
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved. | ||||
CVE-2025-25994 | | | 2025-02-18 | 7.5 High |
SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id. | ||||
CVE-2025-26348 | | | 2025-02-17 | 5.5 Medium |
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserMenu endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP requests. | ||||
CVE-2025-26346 | | | 2025-02-17 | 5.5 Medium |
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserGroupMenu endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP requests. | ||||
CVE-2025-26157 | | | 2025-02-14 | 5.9 Medium |
A SQL Injection vulnerability was found in /bpms/index.php in Source Code and Project Beauty Parlour Management System V1.1, which allows remote attackers to execute arbitrary code via the name POST request parameter. | ||||
CVE-2025-25991 | | | 2025-02-14 | 5.1 Medium |
SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component. | ||||
CVE-2025-25355 | 1 Phpgurukul | 1 Land Record System | 2025-02-14 | 7.2 High |
A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate POST request parameter. | ||||
CVE-2022-38923 | 1 Iss-oberlausitz | 1 Bluepage Cms | 2025-02-14 | 9.8 Critical |
BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload. | ||||
CVE-2025-25352 | 1 Phpgurukul | 1 Land Record System | 2025-02-14 | 7.2 High |
A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle POST request parameter. | ||||
CVE-2025-25354 | 1 Phpgurukul | 1 Land Record System | 2025-02-14 | 7.2 High |
A SQL Injection was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactnumber POST request parameter. | ||||
CVE-2025-25356 | 1 Phpgurukul | 1 Land Record System | 2025-02-14 | 7.2 High |
A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the " todate" POST request parameter. | ||||
CVE-2025-25357 | 1 Phpgurukul | 1 Land Record System | 2025-02-14 | 7.2 High |
A SQL Injection vulnerability was found in /admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the email POST request parameter. | ||||
CVE-2025-25351 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2025-02-14 | 9.8 Critical |
PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter. | ||||
CVE-2024-3087 | 1 Phpgurukul | 1 Emergency Ambulance Hiring Portal | 2025-02-14 | 7.3 High |
A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258680. | ||||
CVE-2025-26156 | | | 2025-02-14 | 8.8 High |
A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter. |