Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 19823 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19823 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-3335 1 Adonesevangelista 1 Online Restaurant Management System 2025-04-11 7.3 High
A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/category_update.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3336 1 Adonesevangelista 1 Online Restaurant Management System 2025-04-11 7.3 High
A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/member_save.php. The manipulation of the argument last leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2025-3337 1 Adonesevangelista 1 Online Restaurant Management System 2025-04-11 7.3 High
A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/member_update.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3353 1 Phpgurukul 1 Men Salon Management System 2025-04-11 7.3 High
A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/add-services.php. The manipulation of the argument cost leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2010-5004 1 2daybiz 1 Polls Script 2025-04-11 N/A
SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2011-5091 1 Grboard 1 Grboard 2025-04-11 N/A
Multiple SQL injection vulnerabilities in GR Board (aka grboard) 1.8.6.5 Community Edition allow remote attackers to execute arbitrary SQL commands via the (1) tableType or (2) blindTarget parameter to view.php, (3) the delTargets[0] parameter to view_memo.php, or (4) the isReported parameter to write_ok.php.
CVE-2011-5099 2 Chillcreations, Joomla 2 Mod Ccnewsletter, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2013-5120 1 Phpfox 1 Phpfox 2025-04-11 N/A
SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/.
CVE-2013-5121 1 Phpfox 1 Phpfox 2025-04-11 N/A
SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/.
CVE-2013-4683 2 Christophe Balisky, Typo3 2 Meta Feedit, Typo3 2025-04-11 N/A
SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-1459 1 Doorgets 1 Doorgets Cms 2025-04-11 N/A
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
CVE-2011-4823 2 Extensionsforjoomla, Joomla 2 Com Vikrealestate, Joomla\! 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
CVE-2013-4662 1 Civicrm 1 Civicrm 2025-04-11 N/A
The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick.
CVE-2013-5304 2 Joachim Ruhs, Typo3 2 Locator, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5306 2 Die-netzmacher, Typo3 2 Browser, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-5218 1 Neubivljiv 1 Dota Openstats 2025-04-11 N/A
SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2011-5224 2 Trioniclabs, Wordpress 2 Sentinel, Wordpress 2025-04-11 N/A
SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5354 1 Sharetronix 1 Sharetronix 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) fb_user_id or (2) tw_user_id parameter to signup.
CVE-2013-4461 1 Redhat 1 Enterprise Mrg 2025-04-11 N/A
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."
CVE-2011-5145 1 Obm 1 Open Business Management 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sel_domain_id or (2) action parameter to obm.php; (3) tf_user parameter in a search action to group/group_index.php; (4) tf_delegation, (5) tf_ip, (6) tf_name to host/host_index.php; or (7) lang, (8) theme, (9) cal_alert, (10) cal_first_hour, (11) cal_interval, (12) cal_last_hour, (13) commentorder, (14) csv_sep, (15) date, (16) date_upd, (17) debug_exe, (18) debug_id, (19) debug_param, (20) debug_sess, (21) debug_solr, (22) debug_sql, (23) dsrc, (24) menu, (25) rows, (26) sel_display_days, (27) timeformat, (28) timezone, or (29) todo parameter to settings/settings_index.php.