CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | C-MOR Video Surveillance 5.2401 / 6.00PL01 SQL Injection | 10.09.2024 | Matthias Deeg |
| Med. | VICIdial Multiple Authenticated SQL Injection | 03.09.2024 | h00die |
| Med. | Dolphin 7.4.2 Blind SQL Injection | 08.08.2024 | Andrey Stoykov |
| Med. | WordPress PayPlus Payment Gateway SQL Injection | 08.08.2024 | j3r1ch0123 |
| Med. | ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting | 03.08.2024 | OoN_Boy |
| Med. | Leads Manager Tool SQL Injection / Cross Site Scripting | 03.08.2024 | OoN_Boy |
| Med. | Hospital Management System Project In ASP.Net MVC 1 SQL Injection | 17.07.2024 | 0xMykull |
| Med. | WordPress Poll Maker 5.3.2 SQL Injection | 11.07.2024 | tmrswrr |
| Med. | WordPress Poll 2.3.6 SQL Injection | 09.07.2024 | tmrswrr |
| Med. | Ivanti EPM RecordGoodApp SQL Injection / Remote Code Execution | 09.07.2024 | Christophe de la Fuent... |
| Med. | WordPress Video Gallery - YouTube Gallery And Vimeo Gallery 2.3.6 SQL Injection | 06.07.2024 | tmrswrr |
| Med. | Xhibiter NFT Marketplace 1.10.2 SQL Injection | 02.07.2024 | Sohel yousef |
| Med. | Carbon Forum 5.9.0 Cross Site Request Forgery / SQL Injection | 24.06.2024 | bRpsd |
| Med. | AEGON LIFE 1.0 SQL Injection | 15.06.2024 | Aslam Anwar Mahimkar |
| Med. | FengOffice 3.11.1.2 SQL Injection | 10.06.2024 | Andrey Stoykov |
| Med. | Online Fire Reporting System OFRS SQL Injection Authentication Bypass | 07.06.2024 | Diyar Saadi |
| Med. | Boelter Blue System Management 1.3 SQL Injection | 07.06.2024 | CBKB |
| Med. | Online Pizza Ordering System 1.0 SQL Injection | 07.06.2024 | nu11secur1ty |
| Med. | BWL Advanced FAQ Manager 2.0.3 SQL Injection | 02.06.2024 | Ivan Spiridonov |
| Med. | WordPress XStore Theme 9.3.8 SQL Injection | 22.05.2024 | Abdualhadi Khalifa |
| Med. | Chat Bot 1.0 SQL Injection | 22.05.2024 | nu11secur1ty |
| Med. | Tenant Limited 1.0 SQL Injection | 20.05.2024 | nu11secur1ty |
| Med. | Prison Management System SQL Injection Authentication Bypass | 13.05.2024 | Sanjay Singh |
| Med. | SOPlanning 1.52.00 SQL Injection | 04.05.2024 | liquidsky |
| Med. | FortiNet FortiClient EMS 7.2.2 / 7.0.10 SQL Injection / Remote Code Execution | 25.04.2024 | Spencer McIntyre |
| Med. | Centreon 23.10-1.el8 SQL Injection | 16.04.2024 | Cody Sixteen |
| Med. | AMPLE BILLS 0.1 SQL injection | 15.04.2024 | nu11secur1ty |
| Med. | Moodle 3.10.1 SQL Injection | 15.04.2024 | Julio Ángel Ferrari |
| Med. | UP-RESULT 0.1 2024 SQL Injection | 08.04.2024 | nu11secur1ty |
| Med. | Daily Expense Manager 1.0 SQL Injection | 08.04.2024 | Stefan Hesselman |
| Med. | Human Resource Management System 2024 1.0 SQL Injection | 06.04.2024 | nu11secur1ty |
| Med. | Purei CMS 1.0 SQL Injection | 30.03.2024 | Number 7 |
| Med. | MobileShop master - SQL Injection Vuln. | 26.03.2024 | HAZIM ARBAŞ |
| Med. | CSZCMS v1.3.0 SQL Injection (Authenticated) | 20.03.2024 | Abdulaziz Almetairy |
| Med. | Human Resource Management System 1.0 SQL Injection | 13.03.2024 | Srikar |
| Med. | WordPress Hide My WP SQL Injection | 11.03.2024 | Xenofon Vassilakopoulo... |
| Med. | Enrollment System v1.0 SQL Injection | 03.03.2024 | Gnanaraj Mauviel |
| Med. | Membership Management System 1.0 SQL Injection | 01.03.2024 | SoSPiro |
| Med. | WP Fastest Cache 1.2.2 Unauthenticated SQL Injection | 29.02.2024 | Meryem Taşkın |
| Med. | Blood Bank 1.0 SQL Injection | 28.02.2024 | Ersin Erenler |
| Med. | WordPress WP Fastest Cache 1.2.2 SQL Injection | 28.02.2024 | Meryem Taskin |
| Med. | Simple Inventory Management System v1.0 email SQL Injection | 27.02.2024 | SoSPiro |
| Med. | Fuelflow 1.0 SQL Injection | 25.02.2024 | nu11secur1ty |
| Med. | Cacti pollers.php SQL Injection / Remote Code Execution | 07.02.2024 | Christophe de la Fuent... |
| Med. | Bank Locker Management System SQL Injection | 02.02.2024 | SoSPiro |
| High | xbtitFM 4.1.18 SQL Injection / Shell Upload / Traversal | 22.01.2024 | Who cares anyway |
| Med. | WordPress RSVPMaker 9.3.2 SQL Injection | 17.01.2024 | Amirhossein Bahramizad... |
| Med. | Copyright Loan Management System 2024 1.0 SQL Injection | 13.01.2024 | nu11secur1ty |
| Med. | AdvantechWeb/SCADA 9.1.5U SQL Injection | 10.01.2024 | Cody Sixteen |
| High | Hospital Management System 4.0 XSS / Shell Upload / SQL Injection | 24.12.2023 | Louise Ng |
| Med. | GilaCMS 1.15.4 SQL Injection | 24.12.2023 | Louise Ng |
| Low | Webnink - sql injection Vulnerability | 08.11.2023 | nabeghehtech |
| Med. | WordPress AI ChatBot 4.8.9 SQL Injection / Traversal / File Deletion | 27.10.2023 | Marco Wotschka |
| Med. | NLB mKlik Makedonija 3.3.12 SQL Injection | 16.10.2023 | Neurogenesia |
| Med. | WordPress WP ERP 1.12.2 SQL Injection | 16.10.2023 | Arvandy |
| Med. | ChurchCRM 4.5.4 SQL Injection | 16.10.2023 | Arvandy |
| Med. | Dawa Pharma 1.0-2022 SQL Injection | 14.10.2023 | nu11secur1ty |
| Med. | Smart School 6.4.1 SQL Injection | 11.10.2023 | CraCkEr |
| Med. | Academy LMS 6.2 SQL Injection | 20.09.2023 | CraCkEr |
| Med. | Taskhub 2.8.7 SQL Injection | 20.09.2023 | CraCkEr |
| Med. | WordPress Slimstat Analytics 5.0.9 Cross Site Scripting / SQL Injection | 13.09.2023 | Lana Codes |
| Med. | Shuttle Booking Software 1.0 SQL Injection | 13.09.2023 | nu11secur1ty |
| Med. | Equipment Rental Script 1.0 SQL Injection | 13.09.2023 | nu11secur1ty |
| Med. | Meeting Room Booking System 1.0 SQL Injection | 10.09.2023 | nu11secur1ty |
| High | Online ID Generator 1.0 SQL Injection / Shell Upload | 31.08.2023 | nu11secur1ty |
| Med. | Business Directory Script 3.2 SQL Injection | 26.08.2023 | nu11secur1ty |
| Med. | User Registration And Login And User Management System 3.0 SQL Injection | 24.08.2023 | Ashutosh Singh Umath |
| Med. | Global Multi School Management System Express 1.0 SQL Injection | 23.08.2023 | Ahmet Umit Bayram |
| Med. | Color Prediction Game 1.0 SQL Injection | 23.08.2023 | Ahmet Umit Bayram |
| Med. | OVOO Movie Portal CMS 3.3.3 SQL Injection | 23.08.2023 | Ahmet Umit Bayram |
| Med. | Online Diagnostic Lab Management 1.0 SQL Injection | 01.08.2023 | nu11secur1ty |
| Med. | Hikvision Hybrid SAN Ds-a71024 SQL Injection | 21.07.2023 | Thurein Soe |
| Med. | Faculty Evaluation System v1.0 SQL Injection | 21.07.2023 | Andrey Stoykov |
| Med. | Wifi Soft Unibox Administration 3.0 / 3.1 SQL Injection | 21.07.2023 | Ansh Jain |
| Med. | CMS SAUDI SOFTECH 5.0.2 SQL Injection | 21.07.2023 | indoushka |
| Med. | Groomify v1.0 SQL Injection | 06.07.2023 | Ahmet Ümit BAYRAM |
| Med. | WordPress WP AutoComplete Search 1.0.4 SQL Injection | 05.07.2023 | Matin Nouriyan |
| Med. | Beauty Salon Management System 1.0 SQL Injection | 05.07.2023 | Fatih Nacar |
| Med. | SPIP 4.2.3 SQL Injection | 30.06.2023 | nu11secur1ty |
| Med. | MOVEit SQL Injection | 25.06.2023 | bwatters-r7 |
| Med. | SCRMS 2023-05-27 1.0 Multiple SQL Injection | 22.06.2023 | nu11secur1ty |
| Med. | ACJWEB DESIGNER 1.0 SQL Injection | 22.06.2023 | indoushka |
| Med. | Expert Job Portal Management System 1.0 SQL Injection | 07.06.2023 | CraCkEr |
| Med. | PrinterLogic Build 1.0.757 XSS / SQL Injection / Authentication Bypass | 30.05.2023 | Nadeem Salim |
| Med. | Stackposts Social Marketing Tool v1.0 SQL Injection | 27.05.2023 | Ahmet Ümit BAYRAM |
| Med. | Quicklancer v1.0 SQL Injection | 27.05.2023 | Ahmet Ümit BAYRAM |
| Med. | Smart School 1.0 SQL Injection | 24.05.2023 | Ahmet Umit Bayram |
| Med. | LeadPro CRM 1.0 SQL Injection | 24.05.2023 | Ahmet Umit Bayram |
| Med. | Service Provider Management System v1.0 SQL Injection | 24.05.2023 | Ashik Kunjumon |
| Med. | GaanaGawaana Music Platform PHP Script 1.0 Cross Site Scripting / SQL Injection | 21.05.2023 | nu11secur1ty |
| Med. | GaanaGawaana 1.0 SQL Injection | 11.05.2023 | CraCkEr |
| Med. | VOTAB Voting Quiz PHP Script 1.0 SQL Injection | 10.05.2023 | CraCkEr |
| Med. | Found Information System 1.0 SQL Injection | 08.05.2023 | nu11secur1ty |
| Med. | AC Repair And Services 1.0 SQL Injection | 03.05.2023 | nu11secur1ty |
| Med. | ChurchCRM 4.5.3 SQL Injection | 03.05.2023 | Iyaad Luqman K |
| Med. | Piwigo 13.5.0 SQL Injection | 30.04.2023 | Rodolfo Tavares |
| Med. | Chitor-CMS 1.1.2 SQL Injection | 21.04.2023 | msd0pe |
| Med. | NotrinosERP 0.7 SQL Injection | 10.04.2023 | Arvandy |
| Med. | ChurchCRM 4.5.1 SQL Injection | 10.04.2023 | Arvandy |
| Med. | Intern Record System 1.0 SQL Injection | 06.04.2023 | Hamdi Sevben |


CVEMAP Search Results

CVE
Details
Description
2024-09-15
Waiting for details
CVE-2024-8868

A vulnerability was found in code-projects Crud Operation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file savedata.php. The manipulation of the argument sname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

 
2024-09-14
Waiting for details
CVE-2024-8669

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuply_wp_clone_sql() function in all versions up to, and including, 1.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

 
2024-09-13
Waiting for details
CVE-2024-8762

A vulnerability was found in code-projects Crud Operation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatedata.php. The manipulation of the argument sid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

 
Waiting for details
CVE-2024-8784

A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0. Affected by this vulnerability is an unknown functionality of the file /user/chat/mynewuser of the component Chat. The manipulation of the argument users[] with the input 1'+AND+(SELECT+3220+FROM+(SELECT(SLEEP(5)))ZNun)+AND+'WwBM'%3d'WwBM as part of POST Request Parameter leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.1 is able to address this issue. It is recommended to upgrade the affected component.

 
2024-09-12
Waiting for details
CVE-2024-8710

A vulnerability classified as critical was found in code-projects Inventory Management 1.0. Affected by this vulnerability is an unknown functionality of the file /model/viewProduct.php of the component Products Table Page. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

 
Waiting for details
CVE-2024-8709

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is the function delete_user/save_user of the file /admin_class.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

 
Waiting for details
CVE-2024-8529

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

 
Waiting for details
CVE-2024-8522

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

 
Waiting for details
CVE-2024-8749

SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php and retrieve all the information stored in the database.

 
2024-09-11
Waiting for details
CVE-2019-25212

The video carousel slider with lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

 

 


Copyright 2024, cxsecurity.com

 
