Total: 15484 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-53507 | 1 B3log | 1 Siyuan | 2025-04-14 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems. | |||||
CVE-2025-30372 | 1 Emlog | 1 Emlog | 2025-04-14 | N/A | 9.8 CRITICAL |
Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use addslashes after urldecode, allowing the preceding addslashes to be bypassed by URL double encoding. This could result in potential leakage of sensitive information from the user database. Version pro-2.5.9 fixes the issue. | |||||
CVE-2024-53504 | 1 B3log | 1 Siyuan | 2025-04-14 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory. | |||||
CVE-2024-31545 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-14 | N/A | 9.4 CRITICAL |
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6. | |||||
CVE-2024-31547 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-14 | N/A | 9.1 CRITICAL |
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/item/view_item.php. | |||||
CVE-2024-31546 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-14 | N/A | 9.8 CRITICAL |
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php. | |||||
CVE-2023-49989 | 1 Pratham-jaiswal | 1 Hotel Booking Management System | 2025-04-14 | N/A | 9.8 CRITICAL |
Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php. | |||||
CVE-2023-49988 | 1 Pratham-jaiswal | 1 Hotel Booking Management System | 2025-04-14 | N/A | 7.5 HIGH |
Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the npss parameter at rooms.php. | |||||
CVE-2014-5189 | 1 Leadoctopus | 1 Lead Octopus | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2014-8682 | 1 Gogits | 1 Gogs | 2025-04-12 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go. | |||||
CVE-2014-2847 | 1 Construtiva | 1 Cis Manager Cms | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter. | |||||
CVE-2014-8083 | 1 Osclass | 1 Osclass | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action. | |||||
CVE-2014-9115 | 1 Piwigo | 1 Piwigo | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a comparison of a non-numeric value that begins with a digit. | |||||
CVE-2014-5185 | 1 Quartz Plugin Project | 1 Quartz Plugin | 2025-04-12 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edit action in the quartz/quote_form.php page to wp-admin/edit.php. | |||||
CVE-2014-9457 | 1 Pmb Services | 1 Pmb | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php. | |||||
CVE-2015-6659 | 1 Drupal | 1 Drupal | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment. | |||||
CVE-2014-9096 | 1 Pligg | 1 Pligg Cms | 2025-04-12 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter. | |||||
CVE-2014-8295 | 1 Bacula | 1 Bacula-web | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter. | |||||
CVE-2014-7981 | 1 Joomla | 1 Joomla! | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2016-0710 | 1 Apache | 1 Jetspeed | 2025-04-12 | 7.5 HIGH | 8.8 HIGH |
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/. |