Total
14138 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33806 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-03-25 | 9.8 Critical |
| A SQL injection vulnerability in /model/get_grade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2024-33807 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-03-25 | 5.4 Medium |
| A SQL injection vulnerability in /model/get_teacher_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter. | ||||
| CVE-2024-33808 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-03-25 | 9.8 Critical |
| A SQL injection vulnerability in /model/get_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2024-33402 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-03-25 | 8.1 High |
| A SQL injection vulnerability in /model/approve_petty_cash.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2023-52155 | 1 Sigb | 1 Pmb | 2025-03-25 | 7.2 High |
| A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via the sauvegardes variable through the /admin/sauvegarde/run.php endpoint. | ||||
| CVE-2023-52153 | 1 Sigb | 1 Pmb | 2025-03-25 | 9.8 Critical |
| A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.php in PMB 7.4.7 and earlier allows remote unauthenticated attackers to inject arbitrary SQL commands via the PmbOpac-LOGIN cookie value. | ||||
| CVE-2023-51828 | 1 Sigb | 1 Pmb | 2025-03-25 | 9.8 Critical |
| A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in get_next_notice function. | ||||
| CVE-2023-38844 | 1 Sigb | 1 Pmb | 2025-03-25 | 7.5 High |
| SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parameter in export_skos.php. | ||||
| CVE-2023-37177 | 1 Sigb | 1 Pmb | 2025-03-25 | 9.8 Critical |
| SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter in the /admin/convert/export_z3950.php endpoint. | ||||
| CVE-2025-22974 | 1 Seacms | 1 Seacms | 2025-03-25 | 9.8 Critical |
| SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component. | ||||
| CVE-2025-2604 | 2025-03-25 | 6.3 Medium | ||
| A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. Affected is an unknown function of the file edit_act.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2603 | 2025-03-25 | 6.3 Medium | ||
| A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This issue affects some unknown processing of the file deactivate.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-24100 | 1 Code-projects | 1 Computer Book Store | 2025-03-25 | 8.3 High |
| Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID. | ||||
| CVE-2025-26200 | 1 Slims | 1 Slims 9 Bulian | 2025-03-25 | 7.2 High |
| SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component. | ||||
| CVE-2011-10003 | 1 Xpressengine | 1 Xpressengine | 2025-03-25 | 5.5 Medium |
| A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address this issue. The patch is named c6e94449f21256d6362450b29c7847305e756ad5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220247. | ||||
| CVE-2025-2682 | 1 Anujkumar | 1 Bank Locker Management System | 2025-03-25 | 7.3 High |
| A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /edit-subadmin.php?said=3. The manipulation of the argument mobilenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-30212 | 2025-03-25 | N/A | ||
| Frappe is a full-stack web application framework. An SQL Injection vulnerability has been identified in Frappe Framework prior to versions 14.89.0 and 15.51.0 which could allow a malicious actor to access sensitive information. Versions 14.89.0 and 15.51.0 fix the issue. Upgrading is required; no other workaround is present. | ||||
| CVE-2024-42533 | 2025-03-25 | 9.8 Critical | ||
| SQL injection vulnerability in the authentication module in Convivance StandVoice 4.5 through 6.2 allows remote attackers to execute arbitrary code via the GEST_LOGIN parameter. | ||||
| CVE-2022-45526 | 1 Institutional Management Website Project | 1 Institutional Management Website | 2025-03-25 | 9.8 Critical |
| SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php. | ||||
| CVE-2024-3039 | 2 Shanghai Brad Technology Bladex Project, Shanghi Brad Technology | 2 Shanghai Brad Technology Bladex, Bladex | 2025-03-25 | 6.3 Medium |
| A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||