Total
14138 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3085 | 1 Phpgurukul | 1 Emergency Ambulance Hiring Portal | 2025-03-25 | 7.3 High |
| A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258678 is the identifier assigned to this vulnerability. | ||||
| CVE-2025-2740 | 2025-03-25 | 7.3 High | ||
| A vulnerability classified as critical has been found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/eligibility.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-44903 | 2025-03-25 | 7.5 High | ||
| SQL Injection can occur in the SirsiDynix Horizon Information Portal (IPAC20) through 3.25_9382; however, a patch is available from the vendor. This is in ipac.jsp in a SELECT WHERE statement, in a part of the uri= variable in the second part of the full= inner variable. | ||||
| CVE-2024-3552 | 1 Salephpscripts | 1 Web Directory Free | 2025-03-25 | 9.8 Critical |
| The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based. | ||||
| CVE-2025-2734 | 2025-03-25 | 7.3 High | ||
| A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2735 | 2025-03-25 | 7.3 High | ||
| A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-services.php. The manipulation of the argument sertitle leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-26852 | 2025-03-25 | 4.3 Medium | ||
| DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection. | ||||
| CVE-2024-53678 | 2025-03-25 | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache VCL. Users can modify form data submitted when requesting a new Block Allocation such that a SELECT SQL statement is modified. The data returned by the SELECT statement is not viewable by the attacker. This issue affects all versions of Apache VCL from 2.2 through 2.5.1. Users are recommended to upgrade to version 2.5.2, which fixes the issue. | ||||
| CVE-2025-2739 | 2025-03-25 | 7.3 High | ||
| A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/manage-services.php. The manipulation of the argument sertitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2738 | 2025-03-25 | 7.3 High | ||
| A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/manage-scdetails.php. The manipulation of the argument namesc leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2737 | 2025-03-25 | 7.3 High | ||
| A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/contactus.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2736 | 2025-03-25 | 7.3 High | ||
| A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/bwdates-report-details.php. The manipulation of the argument fromdate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2022-45089 | 1 Gruparge | 1 Smartpower Web | 2025-03-24 | 8.8 High |
| Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01. | ||||
| CVE-2022-45090 | 1 Gruparge | 1 Smartpower Web | 2025-03-24 | 8.8 High |
| Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01. | ||||
| CVE-2023-24685 | 1 Churchcrm | 1 Churchcrm | 2025-03-24 | 7.2 High |
| ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module. | ||||
| CVE-2023-24684 | 1 Churchcrm | 1 Churchcrm | 2025-03-24 | 7.2 High |
| ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php. | ||||
| CVE-2023-0758 | 1 Jfinaloa Project | 1 Jfinaloa | 2025-03-24 | 6.3 Medium |
| A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220469 was assigned to this vulnerability. | ||||
| CVE-2022-4557 | 1 Gruparge | 1 Smartpower | 2025-03-24 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01. | ||||
| CVE-2025-29641 | 2025-03-24 | 7.3 High | ||
| Phpgurukul Vehicle Record Management System v1.0 is vulnerable to SQL Injection in /index.php via the 'searchinputdata' parameter. | ||||
| CVE-2025-29640 | 2025-03-24 | 5.4 Medium | ||
| Phpgurukul Human Metapneumovirus (HMPV) – Testing Management System v1.0 is vulnerable to SQL Injection in /patient-report.php via the parameter searchdata.. | ||||