Export limit exceeded: 364870 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19783 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-11470 1 Idera 1 Uptime Infrastructure Monitor 2025-04-20 N/A
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter.
CVE-2017-17611 1 Doctor Search Script Project 1 Doctor Search Script 2025-04-20 N/A
Doctor Search Script 1.0 has SQL Injection via the /list city parameter.
CVE-2017-17610 1 E-commerce Mlm Software Project 1 E-commerce Mlm Software 2025-04-20 N/A
E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.
CVE-2017-1311 1 Ibm 1 Insights Foundation For Energy 2025-04-20 N/A
IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719.
CVE-2017-3835 1 Cisco 1 Identity Services Engine Software 2025-04-20 N/A
A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908).
CVE-2017-11584 1 Finecms 1 Finecms 2025-04-20 N/A
dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php.
CVE-2017-14238 1 Dolibarr 1 Dolibarr 2025-04-20 N/A
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter.
CVE-2017-11736 1 Bigtreecms 1 Bigtree Cms 2025-04-20 N/A
SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter.
CVE-2024-31507 2 Online Graduate Tracer System Project, Tamparongj03 2 Online Graduate Tracer System, Online Graduate Tracer System 2025-04-18 8.6 High
Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "request" parameter in admin/fetch_gendercs.php.
CVE-2023-45503 1 Macs Cms Project 1 Macs Cms 2025-04-18 5.3 Medium
SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints.
CVE-2024-50717 1 Smarts-srl 1 Smart Agent 2025-04-18 9.8 Critical
SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the client parameter in the /recuperaLog.php component.
CVE-2024-34220 2 Oretnom23, Sourcecodester 2 Human Resource Management System, Human Resource Management System 2025-04-18 7.5 High
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter.
CVE-2024-34222 2 Oretnom23, Sourcecodester 2 Human Resource Management System, Human Resource Management System 2025-04-18 5.9 Medium
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter.
CVE-2022-20518 1 Google 1 Android 2025-04-18 5.5 Medium
In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770203
CVE-2022-20517 1 Google 1 Android 2025-04-18 5.5 Medium
In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224769956
CVE-2024-57095 1 Go-admin 1 Go-cms 2025-04-18 6.8 Medium
SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacker to execute arbitrary code via a crafted payload.
CVE-2025-0950 1 Angeljudesuarez 1 Tailoring Management System 2025-04-18 6.3 Medium
A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file staffview.php. The manipulation of the argument staffid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-25991 1 Hoosk 1 Hoosk 2025-04-18 5.1 Medium
SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.
CVE-2024-48177 1 Mrcms 1 Mrcms 2025-04-18 8.8 High
MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do.
CVE-2024-2592 1 Amss\+\+ Project 1 Amss\+\+ 2025-04-17 8.2 High
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/pic_show.php, in the 'person_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.