Search Results (18881 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22406 | 1 Shopware | 1 Shopware | 2025-06-02 | 9.3 Critical |
| Shopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations” object. The ‘name’ field in this “aggregations” object is vulnerable to SQL injection and can be exploited using time-based SQL queries. This issue has been addressed and users are advised to update to Shopware 6.5.7.4. For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. | ||||
| CVE-2023-27113 | 1 A54552239 | 1 Pearprojectapi | 2025-05-30 | 9.8 Critical |
| pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the organizationCode parameter at project.php. | ||||
| CVE-2023-27112 | 1 A54552239 | 1 Pearprojectapi | 2025-05-30 | 9.8 Critical |
| pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the projectCode parameter at project.php. | ||||
| CVE-2022-45165 | 1 Archibus | 1 Web Central | 2025-05-30 | 6.5 Medium |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a user-controlled parameter that is used to create an SQL query. It causes this service to be prone to SQL injection. | ||||
| CVE-2022-34909 | 1 Aremis | 1 Aremis 4 Nomads | 2025-05-30 | 7.7 High |
| An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database. | ||||
| CVE-2021-31777 | 1 Dynamic Content Elements Project | 1 Dynamic Content Elements | 2025-05-30 | 4.9 Medium |
| The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account. | ||||
| CVE-2020-26546 | 1 Evolutionscript | 1 Helpdeskz | 2025-05-30 | 7.5 High |
| An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-0729 | 1 Foru Cms Project | 1 Foru Cms | 2025-05-30 | 5.5 Medium |
| A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. Affected by this issue is some unknown functionality of the file cms_admin.php. The manipulation of the argument a_name leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251552. | ||||
| CVE-2024-0734 | 1 Smsot | 1 Smsot | 2025-05-30 | 6.3 Medium |
| A vulnerability was found in Smsot up to 2.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /get.php. The manipulation of the argument tid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251557 was assigned to this vulnerability. | ||||
| CVE-2024-0784 | 1 Hongmaple | 1 Octopus | 2025-05-30 | 6.3 Medium |
| A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/role/list. The manipulation of the argument dataScope leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-251700. | ||||
| CVE-2024-23646 | 1 Pimcore | 1 Admin Classic Bundle | 2025-05-30 | 8.8 High |
| Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue. | ||||
| CVE-2025-4226 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2025-05-30 | 7.3 High |
| A vulnerability classified as critical has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. This affects an unknown part of the file /add-computer.php. The manipulation of the argument compname/comploc leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-52874 | 1 Infoblox | 1 Netmri | 2025-05-30 | 8.8 High |
| In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks. | ||||
| CVE-2024-51101 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2025-05-29 | 9.8 Critical |
| PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /rtbs/check-status.php. | ||||
| CVE-2024-24140 | 1 Remyandrade | 1 Daily Habit Tracker | 2025-05-29 | 7.2 High |
| Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker'. | ||||
| CVE-2022-38509 | 1 Wedding Planner Project | 1 Wedding Planner | 2025-05-29 | 9.8 Critical |
| Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php. | ||||
| CVE-2024-40392 | 2 Fkgeo, Pharmacy Medical Store And Sale Point Project | 2 Pharmacy/medical Store Point Of Sale System, Pharmacy Medical Store And Sale Point | 2025-05-29 | 9.8 Critical |
| SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/MySQL and Bootstrap Framework with Source Code 1.0 was discovered to contain a SQL injection vulnerability via the name parameter under addnew.php. | ||||
| CVE-2024-0883 | 1 Mayurik | 1 Online Tours & Travels Management System | 2025-05-29 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects the function prepare of the file admin/pay.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252034 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-6402 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2025-05-29 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file add-phlebotomist.php. The manipulation of the argument empid leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246423. | ||||
| CVE-2022-23695 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-05-29 | 8.8 High |
| Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | ||||