Total
14138 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2831 | 2025-03-27 | 6.3 Medium | ||
| A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /admin/bookList?page=1&limit=10. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0723 | 1 Metagauss | 1 Profilegrid | 2025-03-27 | 6.5 Medium |
| The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind and time-based SQL Injections via the rid and search parameters in all versions up to, and including, 5.9.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-2625 | 1 Westboy | 1 Cicadascms | 2025-03-27 | 6.3 Medium |
| A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. This affects an unknown part of the file /system/cms/content/page. The manipulation of the argument orderField/orderDirection leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-42913 | 1 Ruoyi | 1 Ruoyi | 2025-03-26 | 5.4 Medium |
| RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1. | ||||
| CVE-2024-33164 | 1 J2eefast | 1 J2eefast | 2025-03-26 | 9.8 Critical |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. | ||||
| CVE-2023-41014 | 1 Code-projects | 1 Online Job Portal | 2025-03-26 | 9.8 Critical |
| code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via the Username parameter for "Employer." | ||||
| CVE-2024-25217 | 1 Oretnom23 | 1 Online Medicine Ordering System | 2025-03-26 | 9.8 Critical |
| Online Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /omos/?p=products/view_product. | ||||
| CVE-2024-25227 | 1 Abocms | 1 Abo.cms | 2025-03-26 | 6.5 Medium |
| SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in admin login page. | ||||
| CVE-2022-48114 | 1 Ruoyi | 1 Ruoyi | 2025-03-26 | 9.8 Critical |
| RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable. | ||||
| CVE-2022-48082 | 1 Easyone | 1 Easyone Crm | 2025-03-26 | 9.8 Critical |
| Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnerability via the text parameter at /Services/Misc.asmx/SearchTag. | ||||
| CVE-2022-45589 | 1 Talend | 1 Esb Runtime | 2025-03-26 | 7.2 High |
| All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use it in place of the previous version. | ||||
| CVE-2021-37316 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2025-03-26 | 7.5 High |
| SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. | ||||
| CVE-2025-2624 | 1 Westboy | 1 Cicadascms | 2025-03-26 | 6.3 Medium |
| A vulnerability was found in westboy CicadasCMS 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /system/cms/content/save. The manipulation of the argument content/fujian/laiyuan leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2021-36433 | 1 Jocms Project | 1 Jocms | 2025-03-26 | 9.1 Critical |
| SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_delete_mask function in jocms/apps/mask/mask.php. | ||||
| CVE-2021-36432 | 1 Jocms Project | 1 Jocms | 2025-03-26 | 7.5 High |
| SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_set_mask() function in jocms/apps/mask/mask.php. | ||||
| CVE-2021-36431 | 1 Jocms Project | 1 Jocms | 2025-03-26 | 9.1 Critical |
| SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_json_check() function in jocms/apps/mask/inc/mask.php. | ||||
| CVE-2025-30217 | 2025-03-26 | N/A | ||
| Frappe is a full-stack web application framework. Prior to versions 14.93.2 and 15.55.0, a SQL Injection vulnerability has been identified in Frappe Framework which could allow a malicious actor to access sensitive information. Versions 14.93.2 and 15.55.0 contain a patch for the issue. No known workarounds are available. | ||||
| CVE-2021-36484 | 1 Jizhicms | 1 Jizhicms | 2025-03-26 | 9.8 Critical |
| SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page. | ||||
| CVE-2021-36434 | 1 Jocms Project | 1 Jocms | 2025-03-26 | 9.1 Critical |
| SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_json_check function in jocms/apps/mask/inc/getmask.php. | ||||
| CVE-2023-23948 | 1 Owncloud | 1 Owncloud Client | 2025-03-26 | 6.2 Medium |
| The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0. | ||||