Export limit exceeded: 18268 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18268 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-46442 | 1 Dedecms | 1 Dedecms | 2025-04-11 | 9.8 Critical |
| dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query. | ||||
| CVE-2024-20360 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-11 | 8.8 High |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately validate user input. An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root. To exploit this vulnerability, an attacker would need at least Read Only user credentials. | ||||
| CVE-2023-28424 | 1 Gentoo | 1 Soko | 2025-04-11 | 9.1 Critical |
| Soko if the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Search` and `SearchFeed`, implemented in `pkg/app/handler/packages/search.go`, are affected by a SQL injection via the `q` parameter. As a result, unauthenticated attackers can execute arbitrary SQL queries on `https://packages.gentoo.org/`. It was also demonstrated that primitive was enough to gain code execution in the context of the PostgreSQL container. The issue was addressed in commit `4fa6e4b619c0362728955b6ec56eab0e0cbf1e23y` of version 1.0.2 using prepared statements to interpolate user-controlled data in SQL queries. | ||||
| CVE-2024-2584 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-11 | 8.2 High |
| Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | ||||
| CVE-2024-2586 | 2 Amss\+\+ Project, Amssplus | 2 Amss\+\+, Amss Plus | 2025-04-11 | 8.2 High |
| Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | ||||
| CVE-2022-34324 | 1 Sage | 1 Sage Xrt Business Exchange | 2025-04-11 | 8.8 High |
| Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History. | ||||
| CVE-2024-29386 | 1 Projeqtor | 1 Projeqtor | 2025-04-11 | 5.4 Medium |
| projeqtor up to 11.2.0 was discovered to contain a SQL injection vulnerability via the component /view/criticalResourceExport.php. | ||||
| CVE-2025-3335 | 1 Adonesevangelista | 1 Online Restaurant Management System | 2025-04-11 | 7.3 High |
| A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/category_update.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3336 | 1 Adonesevangelista | 1 Online Restaurant Management System | 2025-04-11 | 7.3 High |
| A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/member_save.php. The manipulation of the argument last leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2025-3337 | 1 Adonesevangelista | 1 Online Restaurant Management System | 2025-04-11 | 7.3 High |
| A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/member_update.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3353 | 1 Phpgurukul | 1 Men Salon Management System | 2025-04-11 | 7.3 High |
| A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/add-services.php. The manipulation of the argument cost leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2010-3267 | 1 Ifdefined | 1 Bugtracker.net | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id parameter to delete_query.aspx, the (3) new_project or (4) us_id parameter to edit_bug.aspx, or (5) the bug_list parameter to massedit.aspx. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2011-4066 | 1 Sir | 1 Gnuboard | 2025-04-11 | N/A |
| SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO. | ||||
| CVE-2009-4669 | 1 Beaussier | 1 Roomphplanning | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the loginus parameter to Login.php or (2) the Old Password field to changepwd.php, and allow (3) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/userform.php. | ||||
| CVE-2011-2703 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support. | ||||
| CVE-2009-4687 | 1 Hypersilence | 1 Silentum Guestbook | 2025-04-11 | N/A |
| SQL injection vulnerability in silentum_guestbook.php in Silentum Guestbook 2.0.2 allows remote attackers to execute arbitrary SQL commands via the messageid parameter. | ||||
| CVE-2010-3207 | 1 Galeriashqip | 1 Galeriashqip | 2025-04-11 | N/A |
| SQL injection vulnerability in index.php in GaleriaSHQIP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the album_id parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2011-5222 | 1 Scripte24shop | 1 Php Flirt-projekt | 2025-04-11 | N/A |
| SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter. | ||||
| CVE-2010-2042 | 1 Shopex | 1 Ecshop | 2025-04-11 | N/A |
| SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2011-5230 | 1 Seotoaster | 1 Seotoaster | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member. | ||||