Total
19306 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43775 | 1 Easytest | 1 Easytest Online Test Platform | 2024-09-04 | N/A | 8.8 HIGH |
| SQL Injection in search course titles function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the search parameter. | |||||
| CVE-2024-43774 | 1 Easytest | 1 Easytest Online Test Platform | 2024-09-04 | N/A | 8.8 HIGH |
| SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the uid parameter. | |||||
| CVE-2024-43773 | 1 Easytest | 1 Easytest Online Test Platform | 2024-09-04 | N/A | 9.8 CRITICAL |
| SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the cstr parameter. | |||||
| CVE-2024-43772 | 1 Easytest | 1 Easytest Online Test Platform | 2024-09-04 | N/A | 9.8 CRITICAL |
| SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter. | |||||
| CVE-2024-8344 | 1 Campcodes | 1 Supplier Management System | 2024-09-03 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been found in Campcodes Supplier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_area.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7936 | 1 Project Expense Monitoring System Project | 1 Project Expense Monitoring System | 2024-09-03 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in itsourcecode Project Expense Monitoring System 1.0. This affects an unknown part of the file transferred_report.php. The manipulation of the argument start/end/employee leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7937 | 1 Project Expense Monitoring System Project | 1 Project Expense Monitoring System | 2024-09-03 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical was found in itsourcecode Project Expense Monitoring System 1.0. This vulnerability affects unknown code of the file printtransfer.php. The manipulation of the argument transfer_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-42568 | 1 Arajajyothibabu | 1 School Management System | 2024-09-03 | N/A | 9.8 CRITICAL |
| School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php. | |||||
| CVE-2024-8331 | 1 Openrapid | 1 Rapidcms | 2024-09-03 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been classified as critical. This affects an unknown part of the file /admin/user/user-move-run.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8332 | 1 Master-nan | 1 Sweet-cms | 2024-09-03 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been declared as critical. This vulnerability affects unknown code of the file /table/index. The manipulation leads to sql injection. The attack can be initiated remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 146359646a5a90cb09156dbd0013b7df77f2aa6c. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2024-41236 | 1 Lopalopa | 1 Responsive School Management System | 2024-08-30 | N/A | 7.2 HIGH |
| A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page | |||||
| CVE-2024-29723 | 1 Sportsnet | 1 Sportsnet | 2024-08-30 | N/A | 9.8 CRITICAL |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/conexiones/ax/openTracExt/, parameter categoria;. | |||||
| CVE-2024-29724 | 1 Sportsnet | 1 Sportsnet | 2024-08-30 | N/A | 9.8 CRITICAL |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/ax/registerSp/, parameter idDesafio. | |||||
| CVE-2024-29725 | 1 Sportsnet | 1 Sportsnet | 2024-08-30 | N/A | 9.8 CRITICAL |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sort_bloques/, parameter list. | |||||
| CVE-2024-29726 | 1 Sportsnet | 1 Sportsnet | 2024-08-30 | N/A | 9.8 CRITICAL |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/setAsRead/, parameter id. | |||||
| CVE-2024-29728 | 1 Sportsnet | 1 Sportsnet | 2024-08-30 | N/A | 9.8 CRITICAL |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/inscribeUsuario/ , parameter idDesafio. | |||||
| CVE-2024-29729 | 1 Sportsnet | 1 Sportsnet | 2024-08-30 | N/A | 9.8 CRITICAL |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/generateShortURL/, parameter url. | |||||
| CVE-2024-29730 | 1 Sportsnet | 1 Sportsnet | 2024-08-30 | N/A | 9.8 CRITICAL |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/consejoRandom/ , parameter idCat;. | |||||
| CVE-2024-29731 | 1 Sportsnet | 1 Sportsnet | 2024-08-30 | N/A | 9.8 CRITICAL |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/checkBlindFields/ , parameters idChallenge and idEmpresa. | |||||
| CVE-2024-29727 | 1 Sportsnet | 1 Sportsnet | 2024-08-30 | N/A | 9.8 CRITICAL |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sendParticipationRemember/ , parameter send. | |||||