CWE:
 

Risk | Topic | Date | Author
--- | --- | --- | ---
Med. | Cacti pollers.php SQL Injection / Remote Code Execution | 07.02.2024 | Christophe de la Fuent...
Med. | Bank Locker Management System SQL Injection | 02.02.2024 | SoSPiro
High | xbtitFM 4.1.18 SQL Injection / Shell Upload / Traversal | 22.01.2024 | Who cares anyway
Med. | WordPress RSVPMaker 9.3.2 SQL Injection | 17.01.2024 | Amirhossein Bahramizad...
Med. | Copyright Loan Management System 2024 1.0 SQL Injection | 13.01.2024 | nu11secur1ty
Med. | AdvantechWeb/SCADA 9.1.5U SQL Injection | 10.01.2024 | Cody Sixteen
High | Hospital Management System 4.0 XSS / Shell Upload / SQL Injection | 24.12.2023 | Louise Ng
Med. | GilaCMS 1.15.4 SQL Injection | 24.12.2023 | Louise Ng
Low | Webnink - sql injection Vulnerability | 08.11.2023 | nabeghehtech
Med. | WordPress AI ChatBot 4.8.9 SQL Injection / Traversal / File Deletion | 27.10.2023 | Marco Wotschka
Med. | NLB mKlik Makedonija 3.3.12 SQL Injection | 16.10.2023 | Neurogenesia
Med. | WordPress WP ERP 1.12.2 SQL Injection | 16.10.2023 | Arvandy
Med. | ChurchCRM 4.5.4 SQL Injection | 16.10.2023 | Arvandy
Med. | Dawa Pharma 1.0-2022 SQL Injection | 14.10.2023 | nu11secur1ty
Med. | Smart School 6.4.1 SQL Injection | 11.10.2023 | CraCkEr
Med. | Academy LMS 6.2 SQL Injection | 20.09.2023 | CraCkEr
Med. | Taskhub 2.8.7 SQL Injection | 20.09.2023 | CraCkEr
Med. | WordPress Slimstat Analytics 5.0.9 Cross Site Scripting / SQL Injection | 13.09.2023 | Lana Codes
Med. | Shuttle Booking Software 1.0 SQL Injection | 13.09.2023 | nu11secur1ty
Med. | Equipment Rental Script 1.0 SQL Injection | 13.09.2023 | nu11secur1ty
Med. | Meeting Room Booking System 1.0 SQL Injection | 10.09.2023 | nu11secur1ty
High | Online ID Generator 1.0 SQL Injection / Shell Upload | 31.08.2023 | nu11secur1ty
Med. | Business Directory Script 3.2 SQL Injection | 26.08.2023 | nu11secur1ty
Med. | User Registration And Login And User Management System 3.0 SQL Injection | 24.08.2023 | Ashutosh Singh Umath
Med. | Global Multi School Management System Express 1.0 SQL Injection | 23.08.2023 | Ahmet Umit Bayram
Med. | Color Prediction Game 1.0 SQL Injection | 23.08.2023 | Ahmet Umit Bayram
Med. | OVOO Movie Portal CMS 3.3.3 SQL Injection | 23.08.2023 | Ahmet Umit Bayram
Med. | Online Diagnostic Lab Management 1.0 SQL Injection | 01.08.2023 | nu11secur1ty
Med. | Hikvision Hybrid SAN Ds-a71024 SQL Injection | 21.07.2023 | Thurein Soe
Med. | Faculty Evaluation System v1.0 SQL Injection | 21.07.2023 | Andrey Stoykov
Med. | Wifi Soft Unibox Administration 3.0 / 3.1 SQL Injection | 21.07.2023 | Ansh Jain
Med. | CMS SAUDI SOFTECH 5.0.2 SQL Injection | 21.07.2023 | indoushka
Med. | Groomify v1.0 SQL Injection | 06.07.2023 | Ahmet Ümit BAYRAM
Med. | WordPress WP AutoComplete Search 1.0.4 SQL Injection | 05.07.2023 | Matin Nouriyan
Med. | Beauty Salon Management System 1.0 SQL Injection | 05.07.2023 | Fatih Nacar
Med. | SPIP 4.2.3 SQL Injection | 30.06.2023 | nu11secur1ty
Med. | MOVEit SQL Injection | 25.06.2023 | bwatters-r7
Med. | SCRMS 2023-05-27 1.0 Multiple SQL Injection | 22.06.2023 | nu11secur1ty
Med. | ACJWEB DESIGNER 1.0 SQL Injection | 22.06.2023 | indoushka
Med. | Expert Job Portal Management System 1.0 SQL Injection | 07.06.2023 | CraCkEr
Med. | PrinterLogic Build 1.0.757 XSS / SQL Injection / Authentication Bypass | 30.05.2023 | Nadeem Salim
Med. | Stackposts Social Marketing Tool v1.0 SQL Injection | 27.05.2023 | Ahmet Ümit BAYRAM
Med. | Quicklancer v1.0 SQL Injection | 27.05.2023 | Ahmet Ümit BAYRAM
Med. | Smart School 1.0 SQL Injection | 24.05.2023 | Ahmet Umit Bayram
Med. | LeadPro CRM 1.0 SQL Injection | 24.05.2023 | Ahmet Umit Bayram
Med. | Service Provider Management System v1.0 SQL Injection | 24.05.2023 | Ashik Kunjumon
Med. | GaanaGawaana Music Platform PHP Script 1.0 Cross Site Scripting / SQL Injection | 21.05.2023 | nu11secur1ty
Med. | GaanaGawaana 1.0 SQL Injection | 11.05.2023 | CraCkEr
Med. | VOTAB Voting Quiz PHP Script 1.0 SQL Injection | 10.05.2023 | CraCkEr
Med. | Found Information System 1.0 SQL Injection | 08.05.2023 | nu11secur1ty
Med. | AC Repair And Services 1.0 SQL Injection | 03.05.2023 | nu11secur1ty
Med. | ChurchCRM 4.5.3 SQL Injection | 03.05.2023 | Iyaad Luqman K
Med. | Piwigo 13.5.0 SQL Injection | 30.04.2023 | Rodolfo Tavares
Med. | Chitor-CMS 1.1.2 SQL Injection | 21.04.2023 | msd0pe
Med. | NotrinosERP 0.7 SQL Injection | 10.04.2023 | Arvandy
Med. | ChurchCRM 4.5.1 SQL Injection | 10.04.2023 | Arvandy
Med. | Intern Record System 1.0 SQL Injection | 06.04.2023 | Hamdi Sevben
Med. | Dreamer CMS 4.0.0 SQL Injection | 02.04.2023 | lvren
Med. | EQ Enterprise Management System 2.2.0 SQL Injection | 02.04.2023 | TLF
Med. | Senayan Library Management System v9.0.0 SQL Injection | 02.04.2023 | nu11secur1ty
Med. | WebTareas 2.4 SQL Injection (Unauthorised) | 30.03.2023 | Hubert Wojciechowski
Med. | 101+ News Portal 1.0 SQL Injection | 22.03.2023 | Abdulhakim Oner
Med. | Yoga Class Registration 1.0 SQL Injection | 22.03.2023 | nu11secur1ty
Med. | Purchase Order Management 1.0 SQL Injection | 06.03.2023 | nu11secur1ty
Med. | Auto Dealer Management System 1.0 SQL Injection | 26.02.2023 | Navaid Ansari
High | Device Manager Express 7.8.20002.47752 SQL Injection / XSS / Code Execution / Traversal | 24.02.2023 | Eric Flokstra
Med. | Yoga Class Registration System 1.0 SQL Injection | 24.02.2023 | Ahmed Ismail
Med. | Sales Tracker System 1.0 SQL Injection | 22.02.2023 | Ahmed Ismail
Med. | 101news By Mayuri K 1.0 SQL Injection | 14.02.2023 | nu11secur1ty
Med. | Material Dashboard 2 SQL Injection | 09.02.2023 | indoushka
Med. | eCommerce Marketplace Platform CMS 1.7 SQL Injection | 02.02.2023 | CraCkEr
Med. | Online Eyewear Shop 1.0 SQL Injection | 01.02.2023 | Muhammad Navaid Zafar ...
Med. | PHPJabbers Property Listing Script 3.1 SQL Injection | 30.01.2023 | CraCkEr
Med. | PHPJabbers Car Rental Script 3.0 SQL Injection | 28.01.2023 | CraCkEr
Med. | Inout Music 5.1.1 SQL Injection | 26.01.2023 | CraCkEr
Med. | Inout RealEstate 2.1.3 SQL Injection | 23.01.2023 | CraCkEr
Med. | Active eCommerce CMS 6.5.0 SQL Injection | 21.01.2023 | CraCkEr
Med. | BootCommerce 3.2.1 SQL Injection | 18.01.2023 | CraCkEr
Med. | PHP Hazir Haber Sitesi Scripti 3 SQL Injection | 18.01.2023 | CraCkEr
Med. | ChiKoi 1.0 SQL Injection | 15.01.2023 | nu11secur1ty
Med. | Student Attendance Management System 1.0 SQL Injection | 31.12.2022 | nu11secur1ty
Med. | Senayan Library Management System 9.2.2 SQL Injection | 28.12.2022 | nu11secur1ty
Med. | Stock Management System 2022 1.0 From Erick Cesar SQL Injection | 24.12.2022 | nu11secur1ty
Med. | Senayan Library Management System 9.1.1 SQL Injection | 21.12.2022 | nu11secur1ty
Med. | Senayan Library Management System 9.2.1 SQL Injection | 21.12.2022 | nu11secur1ty
Med. | Senayan Library Management System 9.2.0 SQL Injection | 20.12.2022 | nu11secur1ty
Med. | Intel Data Center Manager 4.1 SQL Injection | 09.12.2022 | Julien Ahrens
Med. | Planet eStream Code Execution / SQL Injection / XSS / Broken Control | 09.12.2022 | Philipp Espernberger
Med. | Senayan Library Management System 9.5.1 SQL Injection | 07.12.2022 | nu11secur1ty
Med. | Automotive Shop Management System 1.0 SQL Injection | 05.12.2022 | nu11secur1ty
Med. | Helmet Store Showroom 1.0 SQL Injection | 26.11.2022 | syad
Med. | Sanitization Management System 1.0 SQL Injection | 26.11.2022 | nu11secur1ty
Med. | Revenue Collection System 1.0 SQL Injection / Remote Code Execution | 17.11.2022 | Joe Pollock
High | Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass | 15.11.2022 | Steffen Robertz
Med. | Senayan Library Management System 9.5.0 SQL Injection | 04.11.2022 | nu11secur1ty
Med. | Simple Cold Storage Management System 1.0 SQL Injection | 31.10.2022 | QiaoRui Feng
Med. | WordPress Zephyr Project Manager 3.2.42 SQL Injection | 15.10.2022 | Rizacan Tufan
Med. | Online Shopping System Advanced 1.0 SQL Injection | 12.10.2022 | nu11secur1ty
Med. | Joomla JUX Charity Hub 1.0.4 SQL Injection | 05.10.2022 | CraCkEr
Med. | Joomla JKassa ShoppingCart 2.0.0 SQL Injection | 04.10.2022 | CraCkEr


CVEMAP Search Results

CVE
Details
Description
2024-02-23
CVE-2024-1784
A vulnerability classified as problematic was found in Limbas 5.2.14. Affected by this vulnerability is an unknown functionality of the file main_admin.php. The manipulation of the argument tab_group leads to sql injection. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254575. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

 
2024-02-21
CVE-2024-1702
A vulnerability was found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /edit.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254390 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

 
2024-02-15
CVE-2024-26264
EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database records.

 
CVE-2024-26262
EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator.

 
CVE-2024-1523
EC-WEB FS-EZViewer(Web)'s query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator.

 
CVE-2024-1530
A vulnerability, which was classified as critical, has been found in ECshop 4.1.8. Affected by this issue is some unknown functionality of the file /admin/view_sendlist.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250562 is the identifier assigned to this vulnerability.

 
CVE-2023-7081
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSIL Online Payment System allows SQL Injection. This issue affects Online Payment System: before 14.02.2024.

 
CVE-2023-5155
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection. This issue affects SoliPay Mobile App: before 5.0.8.

 
2024-02-14
CVE-2023-44294
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database.

 
CVE-2023-44293
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database.

 

 


Copyright 2024, cxsecurity.com

 
