Total
15388 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39179 | 1 College Management System Project | 1 College Management System | 2025-04-28 | N/A | 7.2 HIGH |
| College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file. | |||||
| CVE-2022-43213 | 1 Billing System Project Project | 1 Billing System Project | 2025-04-28 | N/A | 9.8 CRITICAL |
| Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php. | |||||
| CVE-2025-3827 | 1 Phpgurukul | 1 Men Salon Management System | 2025-04-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3828 | 1 Phpgurukul | 1 Men Salon Management System | 2025-04-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/view-appointment.php?viewid=11. The manipulation of the argument remark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-3829 | 1 Phpgurukul | 1 Men Salon Management System | 2025-04-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-48357 | 1 Lylme | 1 Lylme Spage | 2025-04-28 | N/A | 9.8 CRITICAL |
| LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /admin/apply.php. | |||||
| CVE-2024-39842 | 1 Centreon | 1 Centreon | 2025-04-28 | N/A | 7.2 HIGH |
| A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs. | |||||
| CVE-2024-39843 | 1 Centreon | 1 Centreon | 2025-04-28 | N/A | 6.7 MEDIUM |
| A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs. | |||||
| CVE-2024-40456 | 1 Thinksaas | 1 Thinksaas | 2025-04-28 | N/A | 9.8 CRITICAL |
| ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php. | |||||
| CVE-2024-40486 | 1 Lopalopa | 1 Live Membership System | 2025-04-28 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters. | |||||
| CVE-2024-42994 | 1 Vtiger | 1 Vtiger Crm | 2025-04-28 | N/A | 7.2 HIGH |
| VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module. | |||||
| CVE-2022-45535 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | N/A | 4.9 MEDIUM |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information. | |||||
| CVE-2022-45529 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | N/A | 4.9 MEDIUM |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information. | |||||
| CVE-2022-45331 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | N/A | 7.5 HIGH |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information. | |||||
| CVE-2022-45330 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | N/A | 7.5 HIGH |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information. | |||||
| CVE-2022-44139 | 1 Apartment Visitors Management System Project | 1 Apartment Visitors Management System | 2025-04-25 | N/A | 9.8 CRITICAL |
| Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php. | |||||
| CVE-2022-44120 | 1 Dedebiz | 1 Dedecmsv6 | 2025-04-25 | N/A | 9.8 CRITICAL |
| dedecmdv6 6.1.9 is vulnerable to SQL Injection. via sys_sql_query.php. | |||||
| CVE-2022-45278 | 1 Jizhicms | 1 Jizhicms | 2025-04-25 | N/A | 8.8 HIGH |
| Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. | |||||
| CVE-2022-44399 | 1 Poultry Farm Management System Project | 1 Poultry Farm Management System | 2025-04-25 | N/A | 9.8 CRITICAL |
| Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php. | |||||
| CVE-2022-44278 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-25 | N/A | 7.2 HIGH |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=. | |||||