Total
16020 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-48814 | 1 Silverpeas | 1 Silverpeas | 2025-05-28 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in Silverpeas 6.4.1 allows a remote attacker to obtain sensitive information via the ViewType parameter of the findbywhereclause function | |||||
| CVE-2025-4359 | 1 Adrianmercurio | 1 Gym Management System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_member. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4360 | 1 Adrianmercurio | 1 Gym Management System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /view_member.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4362 | 1 Adrianmercurio | 1 Gym Management System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=save_membership. The manipulation of the argument member_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-35409 | 1 Webidsupport | 1 Webid | 2025-05-28 | N/A | 9.8 CRITICAL |
| WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php. | |||||
| CVE-2025-3242 | 1 Phpgurukul | 1 E-diary Management System | 2025-05-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-result.php. The manipulation of the argument id/searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3211 | 1 Fabianros | 1 Patient Record Management System | 2025-05-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /birthing_print.php. The manipulation of the argument itr_no/birth_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-25775 | 1 Codeastro | 1 Bus Ticket Booking System | 2025-05-28 | N/A | 9.8 CRITICAL |
| Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder. | |||||
| CVE-2024-25168 | 1 Dingflow | 1 Snow | 2025-05-28 | N/A | 6.3 MEDIUM |
| SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface. | |||||
| CVE-2024-28559 | 1 Niushop | 1 B2b2c Multi-business | 2025-05-28 | N/A | 8.8 HIGH |
| SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component. | |||||
| CVE-2024-28560 | 1 Niushop | 1 B2b2c Multi-business | 2025-05-28 | N/A | 5.4 MEDIUM |
| SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component. | |||||
| CVE-2024-9475 | 1 Ays-pro | 1 Poll Maker | 2025-05-28 | N/A | 4.9 MEDIUM |
| The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the order_by parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2023-41504 | 1 Code-projects | 1 Student Enrollment | 2025-05-28 | N/A | 8.8 HIGH |
| SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code via the Student Search function. | |||||
| CVE-2025-2847 | 1 Codezips | 1 Gym Management System | 2025-05-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. This issue affects some unknown processing of the file /dashboard/admin/over_month.php. The manipulation of the argument mm leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-57768 | 1 Jfinaloa Project | 1 Jfinaloa | 2025-05-28 | N/A | 9.8 CRITICAL |
| JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key. | |||||
| CVE-2025-3309 | 1 Adonesevangelista | 1 Online Blood Bank Management System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/campsdetails.php. The manipulation of the argument hospital leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3310 | 1 Adonesevangelista | 1 Online Blood Bank Management System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the file /admin/delete.php. The manipulation of the argument Search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-50706 | 1 Uniguest | 1 Tripleplay | 2025-05-28 | N/A | 9.8 CRITICAL |
| Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database. | |||||
| CVE-2025-1162 | 1 Anisha | 1 Job Recruitment | 2025-05-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. This affects an unknown part of the file /\_parse/load\_user-profile.php. The manipulation of the argument userhash leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-37205 | 1 Jflyfox | 1 Jfinal Cms | 2025-05-28 | N/A | 8.8 HIGH |
| JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | |||||