Export limit exceeded: 349838 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349838 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349838 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18950 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31547 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-14 | 9.1 Critical |
| Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/item/view_item.php. | ||||
| CVE-2024-31546 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2025-04-14 | 9.8 Critical |
| Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php. | ||||
| CVE-2023-49989 | 2 Phpgurukul, Pratham-jaiswal | 2 Hotel Booking Management System, Hotel Booking Management System | 2025-04-14 | 9.8 Critical |
| Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php. | ||||
| CVE-2023-49988 | 2 Phpgurukul, Pratham-jaiswal | 2 Hotel Booking Management System, Hotel Booking Management System | 2025-04-14 | 7.5 High |
| Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the npss parameter at rooms.php. | ||||
| CVE-2015-2199 | 1 Wonderplugin | 1 Audio Player | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. | ||||
| CVE-2014-2318 | 1 Atcom | 1 Netvolution | 2025-04-12 | N/A |
| SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter. | ||||
| CVE-2013-2945 | 1 B2evolution | 1 B2evolution | 2025-04-12 | N/A |
| SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | ||||
| CVE-2016-9864 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | ||||
| CVE-2016-9481 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection. | ||||
| CVE-2016-9288 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1. | ||||
| CVE-2016-9287 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection. | ||||
| CVE-2016-9283 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue. | ||||
| CVE-2016-9282 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter. | ||||
| CVE-2016-9272 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service. | ||||
| CVE-2016-9242 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter. | ||||
| CVE-2016-9135 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure. | ||||
| CVE-2016-9134 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure. | ||||
| CVE-2016-8908 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | ||||
| CVE-2016-8907 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | ||||
| CVE-2016-8906 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | ||||