Search Results (19791 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-53504 2 B3log, Siyuan 2 Siyuan, Siyuan 2025-04-14 9.8 Critical
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory.
CVE-2024-31545 2 Oretnom23, Sourcecodester 2 Computer Laboratory Management System, Computer Laboratory Management System 2025-04-14 9.4 Critical
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6.
CVE-2024-31547 1 Oretnom23 1 Computer Laboratory Management System 2025-04-14 9.1 Critical
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/item/view_item.php.
CVE-2024-31546 2 Oretnom23, Sourcecodester 2 Computer Laboratory Management System, Computer Laboratory Management System 2025-04-14 9.8 Critical
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php.
CVE-2023-49989 2 Phpgurukul, Pratham-jaiswal 2 Hotel Booking Management System, Hotel Booking Management System 2025-04-14 9.8 Critical
Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php.
CVE-2023-49988 2 Phpgurukul, Pratham-jaiswal 2 Hotel Booking Management System, Hotel Booking Management System 2025-04-14 7.5 High
Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the npss parameter at rooms.php.
CVE-2016-6419 1 Cisco 1 Secure Firewall Management Center 2025-04-12 N/A
SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485.
CVE-2015-4628 1 Limesurvey 1 Limesurvey 2025-04-12 N/A
SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.
CVE-2016-1000120 1 Huge-it 1 Catalog 2025-04-12 N/A
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
CVE-2016-1000119 1 Huge-it 1 Catalog 2025-04-12 N/A
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
CVE-2016-1000118 1 Huge-it 1 Slideshow 2025-04-12 N/A
XSS & SQLi in HugeIT slideshow v1.0.4
CVE-2013-2045 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-7784 1 Bokublock 2 Bbadminviewscontrol, Bbadminviewscontrol213 2025-04-12 N/A
SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-4424 1 Apple 1 Os X Server 2025-04-12 N/A
SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-6652 1 Pivotal Software 1 Spring Data Jpa 2025-04-12 N/A
SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.
CVE-2015-5504 1 Novalnet 1 Novalnet Payment Module Ubercart- 2025-04-12 N/A
SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-9287 1 Exponentcms 1 Exponent Cms 2025-04-12 N/A
In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection.
CVE-2012-4240 1 Group-office 1 Groupoffice 2025-04-12 N/A
SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
CVE-2016-9272 1 Exponentcms 1 Exponent Cms 2025-04-12 N/A
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.
CVE-2011-2944 1 Megalab 1 The Uploader 2025-04-12 N/A
SQL injection vulnerability in login.php in MegaLab The Uploader before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter.