Export limit exceeded: 18774 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18774 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25076 | 1 Anchore | 1 Anchore | 2026-04-15 | 7.3 High |
| Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise database. | ||||
| CVE-2019-25537 | 1 Netartmedia | 1 Event Portal | 2026-04-15 | 8.2 High |
| Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with malicious SQL payloads in the Email field to extract sensitive database information. | ||||
| CVE-2019-25530 | 1 Hotel-booking-script | 1 Uhotelbooking System | 2026-04-15 | 8.2 High |
| uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system_page GET parameter. Attackers can send crafted requests to index.php with malicious system_page values using time-based blind SQL injection techniques to extract sensitive database information. | ||||
| CVE-2019-25486 | 1 Varient | 1 Varient Sql Inj. | 2026-04-15 | 8.2 High |
| Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. Attackers can submit POST requests with crafted SQL payloads in the user_id field to bypass authentication and extract sensitive database information. | ||||
| CVE-2019-25473 | 1 Softwebinternational | 1 Clinic Pro | 2026-04-15 | 7.1 High |
| Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthly_expense_overview endpoint with crafted month values using boolean-based blind, time-based blind, or error-based SQL injection techniques to extract sensitive database information. | ||||
| CVE-2019-25481 | 1 Iscripts | 1 Reservelogic | 2026-04-15 | 8.2 High |
| iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitive database information. | ||||
| CVE-2019-25532 | 1 Netartmedia | 1 Jobs Portal | 2026-04-15 | 8.2 High |
| Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with crafted SQL payloads in the Email field to extract sensitive database information or bypass authentication. | ||||
| CVE-2019-25533 | 1 Netartmedia | 1 Php Business Directory | 2026-04-15 | 8.2 High |
| Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to the loginaction.php endpoint with crafted SQL payloads in the Email field to extract sensitive database information or bypass authentication. | ||||
| CVE-2019-25534 | 1 Netartmedia | 1 Php Car Dealer | 2026-04-15 | 8.2 High |
| Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. Attackers can submit POST requests to index.php with crafted SQL payloads in the features[] parameter to extract sensitive database information or manipulate database queries. | ||||
| CVE-2019-25535 | 1 Netartmedia | 1 Php Dating Site | 2026-04-15 | 8.2 High |
| Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with time-based SQL injection payloads in the Email field to extract sensitive database information. | ||||
| CVE-2019-25479 | 1 Inoutscripts | 1 Inout Realestate | 2026-04-15 | 8.2 High |
| Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST requests to the agents/agentlistdetails endpoint with malicious SQL payloads in the city parameter to extract sensitive database information. | ||||
| CVE-2019-25509 | 1 Xooscripts | 1 Xoodigital | 2026-04-15 | 8.2 High |
| XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information. | ||||
| CVE-2019-25529 | 1 Sourceforge | 1 Placeto Cms | 2026-04-15 | 7.1 High |
| Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based blind, time-based blind, or union-based techniques to extract sensitive database information. | ||||
| CVE-2019-25531 | 1 Netartmedia | 1 Real Estate Portal | 2026-04-15 | 8.2 High |
| Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive information or bypass authentication mechanisms. | ||||
| CVE-2019-25507 | 1 Ashopsoftware | 1 Ashop Shopping Cart Software | 2026-04-15 | 8.2 High |
| Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection to extract sensitive database information. | ||||
| CVE-2018-25166 | 1 Sourceforge | 1 Meneame English Pligg | 2026-04-15 | 8.2 High |
| Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to index.php with crafted SQL payloads in the search parameter to extract sensitive database information including usernames, database names, and version details. | ||||
| CVE-2018-25165 | 1 Galaxy | 1 Galaxy Forces Mmorpg | 2026-04-15 | 7.1 High |
| Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. Attackers can send POST requests to ads.php with crafted SQL payloads in the type parameter to extract sensitive database information including usernames, databases, and version details. | ||||
| CVE-2018-25163 | 1 Bitzoom | 1 Bitzoom | 2026-04-15 | 8.2 High |
| BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. Attackers can submit crafted POST requests with SQL UNION statements to extract database schema information and table contents from the application database. | ||||
| CVE-2018-25197 | 1 Playjoom | 1 Playjoom | 2026-04-15 | 8.2 High |
| PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with option=com_playjoom&view=genre&catid=[SQL] to extract sensitive database information including usernames, databases, and version details. | ||||
| CVE-2018-25188 | 3 Github, Webiness Inventory Project, Webiness Project | 3 Webiness Inventory, Webiness Inventory, Webiness Inventory | 2026-04-15 | 8.2 High |
| Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. Attackers can send POST requests to the WsModelGrid.php endpoint with crafted SQL payloads to extract sensitive database information including usernames, databases, and version details. | ||||