Total
14476 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3828 | 1 Phpgurukul | 1 Men Salon Management System | 2025-04-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/view-appointment.php?viewid=11. The manipulation of the argument remark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-3829 | 1 Phpgurukul | 1 Men Salon Management System | 2025-04-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-48357 | 1 Lylme | 1 Lylme Spage | 2025-04-28 | N/A | 9.8 CRITICAL |
| LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /admin/apply.php. | |||||
| CVE-2024-39842 | 1 Centreon | 1 Centreon | 2025-04-28 | N/A | 7.2 HIGH |
| A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs. | |||||
| CVE-2024-39843 | 1 Centreon | 1 Centreon | 2025-04-28 | N/A | 6.7 MEDIUM |
| A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs. | |||||
| CVE-2024-40456 | 1 Thinksaas | 1 Thinksaas | 2025-04-28 | N/A | 9.8 CRITICAL |
| ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php. | |||||
| CVE-2024-40486 | 1 Lopalopa | 1 Live Membership System | 2025-04-28 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters. | |||||
| CVE-2024-42994 | 1 Vtiger | 1 Vtiger Crm | 2025-04-28 | N/A | 7.2 HIGH |
| VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module. | |||||
| CVE-2025-3235 | 2025-04-27 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/profile.php. The manipulation of the argument adminname/contactnumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-45535 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | N/A | 4.9 MEDIUM |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information. | |||||
| CVE-2022-45529 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | N/A | 4.9 MEDIUM |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information. | |||||
| CVE-2022-45331 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | N/A | 7.5 HIGH |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information. | |||||
| CVE-2022-45330 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | N/A | 7.5 HIGH |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information. | |||||
| CVE-2022-44139 | 1 Apartment Visitors Management System Project | 1 Apartment Visitors Management System | 2025-04-25 | N/A | 9.8 CRITICAL |
| Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php. | |||||
| CVE-2022-44120 | 1 Dedebiz | 1 Dedecmsv6 | 2025-04-25 | N/A | 9.8 CRITICAL |
| dedecmdv6 6.1.9 is vulnerable to SQL Injection. via sys_sql_query.php. | |||||
| CVE-2022-45278 | 1 Jizhicms | 1 Jizhicms | 2025-04-25 | N/A | 8.8 HIGH |
| Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. | |||||
| CVE-2022-44399 | 1 Poultry Farm Management System Project | 1 Poultry Farm Management System | 2025-04-25 | N/A | 9.8 CRITICAL |
| Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php. | |||||
| CVE-2022-44278 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-25 | N/A | 7.2 HIGH |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-44140 | 1 Jizhicms | 1 Jizhicms | 2025-04-25 | N/A | 8.8 HIGH |
| Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component. | |||||
| CVE-2022-36193 | 1 Lahirudanushka | 1 School Management System | 2025-04-25 | N/A | 9.8 CRITICAL |
| SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries. | |||||