Total
15354 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5224 | 1 Campcodes | 1 Online Hospital Management System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/add-doctor.php. The manipulation of the argument Doctorspecialization leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5225 | 1 Campcodes | 1 Advanced Online Voting System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument voter leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5229 | 1 Campcodes | 1 Online Hospital Management System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in Campcodes Online Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/view-patient.php. The manipulation of the argument viewid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5246 | 1 Campcodes | 1 Online Hospital Management System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. This vulnerability affects unknown code of the file /hms/admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5298 | 1 Campcodes | 1 Online Hospital Management System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-22212 | 1 Convert Forms Project | 1 Convert Forms | 2025-05-28 | N/A | 2.7 LOW |
| A SQL injection vulnerability in the Convert Forms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the submission management area in backend. | |||||
| CVE-2024-12964 | 1 1000projects | 1 Daily College Class Work Report Book | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in 1000 Projects Daily College Class Work Report Book 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-48814 | 1 Silverpeas | 1 Silverpeas | 2025-05-28 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in Silverpeas 6.4.1 allows a remote attacker to obtain sensitive information via the ViewType parameter of the findbywhereclause function | |||||
| CVE-2025-4359 | 1 Adrianmercurio | 1 Gym Management System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_member. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4360 | 1 Adrianmercurio | 1 Gym Management System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /view_member.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4362 | 1 Adrianmercurio | 1 Gym Management System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=save_membership. The manipulation of the argument member_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-35409 | 1 Webidsupport | 1 Webid | 2025-05-28 | N/A | 9.8 CRITICAL |
| WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php. | |||||
| CVE-2025-3242 | 1 Phpgurukul | 1 E-diary Management System | 2025-05-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-result.php. The manipulation of the argument id/searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3211 | 1 Fabianros | 1 Patient Record Management System | 2025-05-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /birthing_print.php. The manipulation of the argument itr_no/birth_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-25775 | 1 Codeastro | 1 Bus Ticket Booking System | 2025-05-28 | N/A | 9.8 CRITICAL |
| Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder. | |||||
| CVE-2024-25168 | 1 Dingflow | 1 Snow | 2025-05-28 | N/A | 6.3 MEDIUM |
| SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface. | |||||
| CVE-2024-28559 | 1 Niushop | 1 B2b2c Multi-business | 2025-05-28 | N/A | 8.8 HIGH |
| SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component. | |||||
| CVE-2024-28560 | 1 Niushop | 1 B2b2c Multi-business | 2025-05-28 | N/A | 5.4 MEDIUM |
| SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component. | |||||
| CVE-2024-9475 | 1 Ays-pro | 1 Poll Maker | 2025-05-28 | N/A | 4.9 MEDIUM |
| The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the order_by parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2023-41504 | 1 Code-projects | 1 Student Enrollment | 2025-05-28 | N/A | 8.8 HIGH |
| SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code via the Student Search function. | |||||