Total
15478 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-12946 | 1 1000projects | 1 Attendance Tracking Management System | 2025-04-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. This issue affects some unknown processing of the file /admin/admin_action.php. The manipulation of the argument admin_user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-12927 | 1 1000projects | 1 Attendance Tracking Management System | 2025-04-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. Affected by this issue is some unknown functionality of the file /faculty/check_faculty_login.php. The manipulation of the argument faculty_emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-12935 | 1 Code-projects | 1 Simple Admin Panel | 2025-04-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in code-projects Simple Admin Panel 1.0. This vulnerability affects unknown code of the file editItemForm.php. The manipulation of the argument record leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-46374 | 1 Mayurik | 1 Best House Rental Management System | 2025-04-16 | N/A | 9.8 CRITICAL |
| Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php. | |||||
| CVE-2024-25507 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | N/A | 9.4 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. | |||||
| CVE-2024-25508 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | N/A | 9.8 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx. | |||||
| CVE-2024-25512 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | N/A | 8.1 HIGH |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx. | |||||
| CVE-2024-25509 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | N/A | 9.4 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx. | |||||
| CVE-2024-25510 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | N/A | 9.8 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx. | |||||
| CVE-2024-25511 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | N/A | 9.4 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx. | |||||
| CVE-2024-25513 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | N/A | 7.8 HIGH |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx. | |||||
| CVE-2024-25514 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | N/A | 9.4 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx. | |||||
| CVE-2024-25515 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | N/A | 7.3 HIGH |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx. | |||||
| CVE-2024-33444 | 1 Onethink | 1 Onethink | 2025-04-16 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component. | |||||
| CVE-2024-2587 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-16 | N/A | 8.2 HIGH |
| Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_khet_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | |||||
| CVE-2024-2588 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-16 | N/A | 8.2 HIGH |
| Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | |||||
| CVE-2024-33146 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 9.1 CRITICAL |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function. | |||||
| CVE-2024-33164 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 9.8 CRITICAL |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. | |||||
| CVE-2024-33161 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 5.3 MEDIUM |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function. | |||||
| CVE-2024-33155 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 9.8 CRITICAL |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. | |||||