Export limit exceeded: 347336 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347336 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18850 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18850 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-22338 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-10 | 6.3 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 219510. | ||||
| CVE-2024-30985 | 1 Phpgurukul | 1 Client Management System | 2025-04-10 | 9.8 Critical |
| SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "todate" and "fromdate" parameters. | ||||
| CVE-2024-30990 | 1 Phpgurukul | 1 Client Management System | 2025-04-10 | 9.8 Critical |
| SQL Injection vulnerability in the "Invoices" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "searchdata" parameter. | ||||
| CVE-2014-125046 | 1 Cub-scout-tracker Project | 1 Cub-scout-tracker | 2025-04-10 | 5.5 Medium |
| A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affects an unknown part of the file databaseAccessFunctions.js. The manipulation leads to sql injection. The patch is named b4bc1a328b1f59437db159f9d136d9ed15707e31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217551. | ||||
| CVE-2022-47523 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2025-04-09 | 9.8 Critical |
| Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection. | ||||
| CVE-2025-3119 | 1 Oretnom23 | 1 Online Tutor Portal | 2025-04-09 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /tutor/courses/manage_course.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3137 | 1 Phpgurukul | 1 Online Security Guards Hiring System | 2025-04-09 | 7.3 High |
| A vulnerability, which was classified as critical, was found in PHPGurukul Online Security Guards Hiring System 1.0. Affected is an unknown function of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3138 | 1 Phpgurukul | 1 Online Security Guards Hiring System | 2025-04-09 | 7.3 High |
| A vulnerability has been found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-guard-detail.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3140 | 1 Oretnom23 | 1 Online Medicine Ordering System | 2025-04-09 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /view_category.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3141 | 1 Oretnom23 | 1 Online Medicine Ordering System | 2025-04-09 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_category.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2018-25070 | 1 Aista | 1 Phosphorus Five | 2025-04-09 | 5.5 Medium |
| A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able to address this issue. The patch is identified as c179a3d0703db55cfe0cb939b89593f2e7a87246. It is recommended to upgrade the affected component. VDB-217606 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-40828 | 1 Codeigniter | 1 Codeigniter | 2025-04-09 | 9.8 Critical |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_not_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability. | ||||
| CVE-2022-40827 | 1 Codeigniter | 1 Codeigniter | 2025-04-09 | 9.8 Critical |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where() function. Note: Multiple third parties have disputed this as not a valid vulnerability. | ||||
| CVE-2025-22140 | 1 Wegia | 1 Wegia | 2025-04-09 | 8.8 High |
| WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8. | ||||
| CVE-2025-22141 | 1 Wegia | 1 Wegia | 2025-04-09 | 8.8 High |
| WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint, specifically in the cargo parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8. | ||||
| CVE-2022-38492 | 1 Easyvista | 1 Service Manager | 2025-04-09 | 7.7 High |
| An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL injection. Version 2022.1.110.1.02 fixes the vulnerability. | ||||
| CVE-2022-38490 | 1 Easyvista | 1 Service Manager | 2025-04-09 | 9.6 Critical |
| An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. Version 2022.1.110.1.02 corrects this issue. | ||||
| CVE-2022-4855 | 1 Lead Management System Project | 1 Lead Management System | 2025-04-09 | 7.3 High |
| A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-217020. | ||||
| CVE-2022-47866 | 1 Lead Management System Project | 1 Lead Management System | 2025-04-09 | 9.8 Critical |
| Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php. | ||||
| CVE-2022-47865 | 1 Lead Management System Project | 1 Lead Management System | 2025-04-09 | 9.8 Critical |
| Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php. | ||||