Total
17198 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-60797 | 1 Phppgadmin Project | 1 Phppgadmin | 2025-11-25 | N/A | 6.5 MEDIUM |
| phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->conn->Execute($_REQUEST['query']). An authenticated attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or privilege escalation. | |||||
| CVE-2025-60798 | 1 Phppgadmin Project | 1 Phppgadmin | 2025-11-25 | N/A | 6.5 MEDIUM |
| phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute arbitrary SQL commands through malicious query manipulation, potentially leading to complete database compromise. | |||||
| CVE-2025-64493 | 1 Salesagility | 1 Suitecrm | 2025-11-25 | N/A | 6.5 MEDIUM |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind (time-based) SQL-injection inside the appMetadata-operation of the GraphQL-API. This allows extraction of arbitrary data from the database, and does not require administrative access. This issue is fixed in version 8.9.1. | |||||
| CVE-2025-64492 | 1 Salesagility | 1 Suitecrm | 2025-11-25 | N/A | 8.8 HIGH |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 8.9.0 and below contain a time-based blind SQL Injection vulnerability. This vulnerability allows an authenticated attacker to infer data from the database by measuring response times, potentially leading to the extraction of sensitive information. It is possible for an attacker to enumerate database, table, and column names, extract sensitive data, or escalate privileges. This is fixed in version 8.9.1. | |||||
| CVE-2025-64488 | 1 Salesagility | 1 Suitecrm | 2025-11-25 | N/A | 8.8 HIGH |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.7 and below and 8.0.0-beta.1 through 8.9.0 8.0.0-beta.1, an attacker can craft a malicious call_id that alters the logic of the SQL query or injects arbitrary SQL. An attack can lead to unauthorized data access and data ex-filtration, complete database compromise, and other various issues. This issue is fixed in versions 7.14.8 and 8.9.1. | |||||
| CVE-2025-50860 | 1 Ehcp | 1 Easy Hosting Control Panel | 2025-11-25 | N/A | 5.4 MEDIUM |
| SQL Injection in the listdomains function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to access or manipulate database contents via the arananalan POST parameter. | |||||
| CVE-2024-40614 | 1 Egroupware | 1 Egroupware | 2025-11-25 | N/A | 9.8 CRITICAL |
| EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This leads to json.php?menuaction=EGroupware\Api\Etemplate\Widget\Nextmatch::ajax_get_rows sort.id SQL injection by authenticated users for Address Book or InfoLog sorting. | |||||
| CVE-2024-34472 | 1 Hsclabs | 1 Mailinspector | 2025-11-25 | N/A | 5.5 MEDIUM |
| An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database. | |||||
| CVE-2022-2679 | 1 Janobe | 1 Interview Management System | 2025-11-25 | N/A | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /viewReport.php. The manipulation of the argument id with the input (UPDATEXML(9729,CONCAT(0x2e,0x716b707071,(SELECT (ELT(9729=9729,1))),0x7162766a71),7319)) leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205667. | |||||
| CVE-2022-38576 | 1 Janobe | 1 Interview Management System | 2025-11-25 | N/A | 7.2 HIGH |
| Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=deletecand&id=. | |||||
| CVE-2022-38260 | 1 Janobe | 1 Interview Management System | 2025-11-25 | N/A | 7.2 HIGH |
| Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=questiondelete&id=. | |||||
| CVE-2022-38255 | 1 Janobe | 1 Interview Management System | 2025-11-25 | N/A | 7.2 HIGH |
| Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /interview/editQuestion.php. | |||||
| CVE-2025-63608 | 2025-11-24 | N/A | 5.4 MEDIUM | ||
| A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries. | |||||
| CVE-2025-13410 | 1 Campcodes | 1 Retro Basketball Shoes Online Store | 2025-11-24 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected is an unknown function of the file /admin/receipt.php. Such manipulation of the argument tid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-50589 | 1 Salesagility | 1 Suitecrm | 2025-11-24 | N/A | 9.8 CRITICAL |
| SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code. | |||||
| CVE-2022-50591 | 1 Advantech | 1 Iview | 2025-11-24 | N/A | 9.8 CRITICAL |
| Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords. | |||||
| CVE-2022-50592 | 1 Advantech | 1 Iview | 2025-11-24 | N/A | 7.2 HIGH |
| Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges. | |||||
| CVE-2022-50594 | 1 Advantech | 1 Iview | 2025-11-24 | N/A | 7.5 HIGH |
| Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords. | |||||
| CVE-2022-50595 | 1 Advantech | 1 Iview | 2025-11-24 | N/A | 7.2 HIGH |
| Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_search_value’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges. | |||||
| CVE-2025-13485 | 1 Admerc | 1 File Management System | 2025-11-24 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in itsourcecode Online File Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited. | |||||