Export limit exceeded: 19582 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19582 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4161 | 1 Contest-gallery | 1 Contest Gallery | 2025-04-14 | 6.5 Medium |
| The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_start POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. | ||||
| CVE-2024-54925 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | 9.8 Critical |
| A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. | ||||
| CVE-2024-53505 | 2 B3log, Siyuan | 2 Siyuan, Siyuan | 2025-04-14 | 9.8 Critical |
| A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent. | ||||
| CVE-2024-53506 | 2 B3log, Siyuan | 2 Siyuan, Siyuan | 2025-04-14 | 9.8 Critical |
| A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs. | ||||
| CVE-2024-53507 | 2 B3log, Siyuan | 2 Siyuan, Siyuan | 2025-04-14 | 9.8 Critical |
| A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems. | ||||
| CVE-2025-30372 | 1 Emlog | 1 Emlog | 2025-04-14 | 9.8 Critical |
| Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use addslashes after urldecode, allowing the preceeding addslashes to be bypassed by URL double encoding. This could result in potential leakage of sensitive information from the user database. Version pro-2.5.9 fixes the issue. | ||||
| CVE-2024-53504 | 2 B3log, Siyuan | 2 Siyuan, Siyuan | 2025-04-14 | 9.8 Critical |
| A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory. | ||||
| CVE-2024-31545 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2025-04-14 | 9.4 Critical |
| Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6. | ||||
| CVE-2024-31547 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-14 | 9.1 Critical |
| Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/item/view_item.php. | ||||
| CVE-2024-31546 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2025-04-14 | 9.8 Critical |
| Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php. | ||||
| CVE-2023-49989 | 2 Phpgurukul, Pratham-jaiswal | 2 Hotel Booking Management System, Hotel Booking Management System | 2025-04-14 | 9.8 Critical |
| Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php. | ||||
| CVE-2023-49988 | 2 Phpgurukul, Pratham-jaiswal | 2 Hotel Booking Management System, Hotel Booking Management System | 2025-04-14 | 7.5 High |
| Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the npss parameter at rooms.php. | ||||
| CVE-2016-10096 | 1 Genixcms | 1 Genixcms | 2025-04-12 | N/A |
| SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter. | ||||
| CVE-2015-7791 | 1 Welcart | 1 Welcart E-commerce | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter. | ||||
| CVE-2016-6616 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. | ||||
| CVE-2016-3172 | 1 Cacti | 1 Cacti | 2025-04-12 | N/A |
| SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. | ||||
| CVE-2016-6419 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-12 | N/A |
| SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. | ||||
| CVE-2016-4837 | 1 Ec-cube | 1 Discount Coupon | 2025-04-12 | 9.8 Critical |
| SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-8586 | 1 Cp Multi View Event Calendar Project | 1 Cp Multi View Event Calendar | 2025-04-12 | N/A |
| SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. | ||||
| CVE-2014-8295 | 1 Bacula | 1 Bacula-web | 2025-04-12 | N/A |
| SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter. | ||||