Total
15984 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6410 | 1 Phpgurukul | 1 Art Gallery Management System | 2025-06-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been classified as critical. Affected is an unknown function of the file /admin/edit-art-medium-detail.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6411 | 1 Phpgurukul | 1 Art Gallery Management System | 2025-06-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/changepropic.php. The manipulation of the argument imageid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6412 | 1 Phpgurukul | 1 Art Gallery Management System | 2025-06-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6413 | 1 Phpgurukul | 1 Art Gallery Management System | 2025-06-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in PHPGurukul Art Gallery Management System 1.1. This affects an unknown part of the file /admin/changeimage1.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6414 | 1 Phpgurukul | 1 Art Gallery Management System | 2025-06-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in PHPGurukul Art Gallery Management System 1.1. This vulnerability affects unknown code of the file /admin/changeimage2.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6415 | 1 Phpgurukul | 1 Art Gallery Management System | 2025-06-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in PHPGurukul Art Gallery Management System 1.1. This issue affects some unknown processing of the file /admin/changeimage3.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6416 | 1 Phpgurukul | 1 Art Gallery Management System | 2025-06-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in PHPGurukul Art Gallery Management System 1.1. Affected is an unknown function of the file /admin/changeimage4.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6417 | 1 Phpgurukul | 1 Art Gallery Management System | 2025-06-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in PHPGurukul Art Gallery Management System 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-artist.php. The manipulation of the argument awarddetails leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1858 | 1 Codezips | 1 Online Shopping Website | 2025-06-24 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in Codezips Online Shopping Website 1.0. This vulnerability affects unknown code of the file /success.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1856 | 1 Codezips | 1 Gym Management System | 2025-06-24 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in Codezips Gym Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/gen_invoice.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-51164 | 1 Ketr | 1 Jepaas | 2025-06-24 | N/A | 9.1 CRITICAL |
| Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB. | |||||
| CVE-2025-1854 | 1 Codezips | 1 Gym Management System | 2025-06-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/del_member.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2021-1470 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2025-06-24 | N/A | 4.9 MEDIUM |
| A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected system. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the vManage database or the underlying operating system.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. | |||||
| CVE-2025-26136 | 1 Wangl1989 | 1 Mysiteforme | 2025-06-24 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1. | |||||
| CVE-2024-51165 | 1 Ketr | 1 Jepaas | 2025-06-24 | N/A | 7.5 HIGH |
| SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB. | |||||
| CVE-2024-57430 | 1 Phpjabbers | 1 Cinema Booking System | 2025-06-24 | N/A | 9.8 CRITICAL |
| An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation. | |||||
| CVE-2025-6267 | 2025-06-23 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /adpweb/a/base/barcodeDetail/. The manipulation of the argument barcodeNo/barcode/itemNo leads to sql injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-4738 | 2025-06-23 | N/A | 9.8 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yirmibes Software MY ERP allows SQL Injection.This issue affects MY ERP: before 1.170. | |||||
| CVE-2025-6277 | 2025-06-23 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical has been found in Brilliance Golden Link Secondary System up to 20250609. This affects an unknown part of the file /storagework/custTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-52821 | 2025-06-23 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in thanhtungtnt Video List Manager allows SQL Injection. This issue affects Video List Manager: from n/a through 1.7. | |||||