Export limit exceeded: 18906 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18906 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3204 | 1 Codeastro | 1 Car Rental System | 2025-04-15 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in CodeAstro Car Rental System 1.0. Affected by this issue is some unknown functionality of the file /returncar.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2951 | 1 Bluestar | 1 Micro Mall | 2025-04-15 | 6.3 Medium |
| A vulnerability classified as critical has been found in Bluestar Micro Mall 1.0. Affected is an unknown function of the file /api/data.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-22953 | 1 Epicor | 1 Human Capital Management | 2025-04-15 | 9.8 Critical |
| A SQL injection vulnerability exists in Epicor HCM 2021 1.9, with patches available: 5.16.0.1033/HCM2022, 5.17.0.1146/HCM2023, and 5.18.0.573/HCM2024. The injection is specifically in the filter parameter of the JsonFetcher.svc endpoint. An attacker can exploit this vulnerability by injecting malicious SQL payloads into the filter parameter, enabling the unauthorized execution of arbitrary SQL commands on the backend database. If certain features (like xp_cmdshell) are enabled, this may lead to remote code execution. | ||||
| CVE-2022-1078 | 1 College Website Management System Project | 1 College Website Management System | 2025-04-15 | 7.3 High |
| A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admin/?page=articles/view_article/. The manipulation of the argument id with the input ' and (select * from(select(sleep(10)))Avx) and 'abc' = 'abc with an unknown input leads to sql injection. It is possible to launch the attack remotely and without authentication. | ||||
| CVE-2022-1080 | 1 One Church Management System Project | 1 One Church Management System | 2025-04-15 | 7.3 High |
| A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php as the manipulation of the argument search2 leads to sql injection. The attack can be initiated remotely. | ||||
| CVE-2022-1082 | 1 Microfinance Management System Project | 1 Microfinance Management System | 2025-04-15 | 7.3 High |
| A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been rated as critical. This issue affects the file /mims/login.php of the Login Page. The manipulation of the argument username/password with the input '||1=1# leads to sql injection. The attack may be initiated remotely. | ||||
| CVE-2022-1083 | 1 Microfinance Management System Project | 1 Microfinance Management System | 2025-04-15 | 7.3 High |
| A vulnerability classified as critical has been found in Microfinance Management System. The manipulation of arguments like customer_type_number/account_number/account_status_number/account_type_number with the input ' and (select * from(select(sleep(10)))Avx) and 'abc' = 'abc leads to sql injection in multiple files. It is possible to launch the attack remotely. | ||||
| CVE-2022-1838 | 1 Home Clean Services Management System Project | 1 Home Clean Services Management System | 2025-04-15 | 4.7 Medium |
| A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(5)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. It is possible to initiate the attack remotely but it requires authentication. Exploit details have been disclosed to the public. | ||||
| CVE-2022-1839 | 1 Home Clean Services Management System Project | 1 Home Clean Services Management System | 2025-04-15 | 6.3 Medium |
| A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(2)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. The attack can be initiated remotely but it requires authentication. Exploit details have been disclosed to the public. | ||||
| CVE-2013-10003 | 1 Telecomsoftware | 2 Samwin Agent, Samwin Contact Center | 2025-04-15 | 6.5 Medium |
| A vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1. This affects the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the database handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2020-36530 | 1 Ibm | 1 Sevone Network Performance Management | 2025-04-15 | 6.3 Medium |
| A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely. | ||||
| CVE-2020-36535 | 1 Minmax | 1 Minmax | 2025-04-15 | 6.3 Medium |
| A vulnerability classified as critical has been found in MINMAX. This affects an unknown part of the file /newsDia.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. | ||||
| CVE-2020-36536 | 1 Brandbugle | 1 Brandbugle | 2025-04-15 | 6.3 Medium |
| A vulnerability was found in Brandbugle. It has been rated as critical. Affected by this issue is some unknown functionality of the file /main.php. The manipulation leads to sql injection. The attack may be launched remotely. | ||||
| CVE-2020-36537 | 1 Everywhere | 1 Everywhere Cms | 2025-04-15 | 6.3 Medium |
| A vulnerability was found in Everywhere CMS. It has been classified as critical. Affected is an unknown function. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. | ||||
| CVE-2020-36538 | 1 Etan | 1 Etan Cms | 2025-04-15 | 6.3 Medium |
| A vulnerability was found in Eatan CMS. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The attack can be launched remotely. | ||||
| CVE-2020-36539 | 1 Logicoycreativo | 1 Logico Y Creativo | 2025-04-15 | 6.3 Medium |
| A vulnerability was found in Lógico y Creativo 1.0 and classified as critical. This issue affects some unknown processing. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. | ||||
| CVE-2020-36540 | 1 Neetai | 1 Neetai Tech | 2025-04-15 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Neetai Tech. Affected is an unknown function of the file /product.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2020-36541 | 1 Demokratian | 1 Demokratian | 2025-04-15 | 7.3 High |
| A vulnerability was found in Demokratian. It has been rated as critical. Affected by this issue is some unknown functionality of the file basicos_php/genera_select.php. The manipulation of the argument id_provincia with the input -1%20union%20all%20select%201,2,3,4,database() leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2020-36543 | 1 Sialweb | 1 Sialweb Cms | 2025-04-15 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in SialWeb CMS. This affects an unknown part of the file /about.php. The manipulation of the argument Id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20017 | 1 Tngsitebuilding | 1 The Next Generation Of Genealogy Sitebuilding | 2025-04-15 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in The Next Generation of Genealogy Sitebuilding up to 11.1.0. This issue affects some unknown processing of the file /timeline2.php. The manipulation of the argument primaryID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.1.1 is able to address this issue. It is recommended to upgrade the affected component. | ||||