Total
15984 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4778 | 1 Phpgurukul | 1 Park Ticketing Management System | 2025-06-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been declared as critical. This vulnerability affects unknown code of the file /normal-search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-6620 | 1 Wpexperts | 1 Post Smtp | 2025-06-20 | N/A | 7.2 HIGH |
| The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
| CVE-2023-51978 | 1 Phpgurukul | 1 Art Gallery Management System | 2025-06-20 | N/A | 6.5 MEDIUM |
| In PHPGurukul Art Gallery Management System v1.1, "Update Artist Image" functionality of "imageid" parameter is vulnerable to SQL Injection. | |||||
| CVE-2023-51805 | 1 Tduckcloud | 1 Tduck-platform | 2025-06-20 | N/A | 6.5 MEDIUM |
| SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of FormDataMysqlService.java file. | |||||
| CVE-2023-30016 | 1 Oretnom23 | 1 Judging Management System | 2025-06-20 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_details_edit.php. | |||||
| CVE-2022-3764 | 1 Wpvibes | 1 Form Vibes | 2025-06-20 | N/A | 7.2 HIGH |
| The plugin does not filter the "delete_entries" parameter from user requests, leading to an SQL Injection vulnerability. | |||||
| CVE-2021-24151 | 1 Benjaminrojas | 1 Wp Editor | 2025-06-20 | N/A | 7.2 HIGH |
| The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings. | |||||
| CVE-2023-48864 | 1 Sem-cms | 1 Semcms | 2025-06-20 | N/A | 7.5 HIGH |
| SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php. | |||||
| CVE-2025-6005 | 1 Kicode111 | 1 Like-girl | 2025-06-20 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument title/aboutimg/info1/info2/info3/btn1/btn2/infox1/infox2/infox3/infox4/infox5/infox6/btnx2/infof1/infof2/infof3/infof4/btnf3/infod1/infod2/infod3/infod4/infod5 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6006 | 1 Kicode111 | 1 Like-girl | 2025-06-20 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0. This issue affects some unknown processing of the file /admin/ImgUpdaPost.php. The manipulation of the argument id/imgText/imgDatd/imgUrl leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6007 | 1 Kicode111 | 1 Like-girl | 2025-06-19 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/Copyright leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6008 | 1 Kicode111 | 1 Like-girl | 2025-06-19 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ImgAddPost.php. The manipulation of the argument imgDatd/imgText/imgUrl leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6009 | 1 Kicode111 | 1 Like-girl | 2025-06-19 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ipAddPost.php. The manipulation of the argument bz/ipdz leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-44755 | 1 Mayurik | 1 Sacco Management System | 2025-06-19 | N/A | 9.8 CRITICAL |
| Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php. | |||||
| CVE-2025-25580 | 1 R1bbit | 1 Yimioa | 2025-06-19 | N/A | 6.1 MEDIUM |
| yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml. | |||||
| CVE-2025-25590 | 1 R1bbit | 1 Yimioa | 2025-06-19 | N/A | 6.1 MEDIUM |
| yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml. | |||||
| CVE-2025-22980 | 1 Slims | 1 Senayan Library Management System Bulian | 2025-06-18 | N/A | 6.7 MEDIUM |
| A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php. | |||||
| CVE-2025-49211 | 2025-06-18 | N/A | 7.7 HIGH | ||
| A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | |||||
| CVE-2025-49218 | 2025-06-18 | N/A | 7.7 HIGH | ||
| A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | |||||
| CVE-2025-27753 | 2025-06-17 | N/A | 6.5 MEDIUM | ||
| A SQLi vulnerability in RSMediaGallery component 1.7.4 - 2.1.6 for Joomla was discovered. The vulnerability is due to the use of unescaped user-supplied parameters in SQL queries within the dashboard component. This allows an authenticated attacker to inject malicious SQL code through unsanitized input fields, which are used directly in SQL queries. Exploiting this flaw can lead to unauthorized database access, data leakage, or modification of records. | |||||