Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1298 | 2 Kyantonius, Php-nuke | 2 Hadith Module, Hadith Module | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Hadith module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter in a viewcat action to modules.php. | |||||
| CVE-2022-44945 | 1 Rukovoditel | 1 Rukovoditel | 2024-02-14 | N/A | 9.8 CRITICAL |
| Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. | |||||
| CVE-2023-35188 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-13 | N/A | 8.8 HIGH |
| SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. | |||||
| CVE-2023-50395 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-13 | N/A | 8.8 HIGH |
| SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited | |||||
| CVE-2023-48645 | 1 Eptura | 1 Archibus | 2024-02-13 | N/A | 7.8 HIGH |
| An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance module of the app. This allows performing queries on the local database. | |||||
| CVE-2024-0709 | 1 Coolplugins | 1 Cryptocurrency Widgets | 2024-02-13 | N/A | 7.5 HIGH |
| The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2003-0377 | 1 Iisprotect | 1 Iisprotect | 2024-02-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP. | |||||
| CVE-2024-23810 | 2024-02-13 | N/A | 8.8 HIGH | ||
| A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database. | |||||
| CVE-2024-0685 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-12 | N/A | 9.8 CRITICAL |
| The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional into the already existing query when an administrator triggers a personal data export. | |||||
| CVE-2024-25318 | 1 Hotel Management System Project | 1 Hotel Management System | 2024-02-12 | N/A | 8.8 HIGH |
| Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2. | |||||
| CVE-2024-24112 | 1 Exrick | 1 Xmall | 2024-02-12 | N/A | 9.8 CRITICAL |
| xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter. | |||||
| CVE-2024-25304 | 1 Code-projects | 1 Simple School Management System | 2024-02-12 | N/A | 8.8 HIGH |
| Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php." | |||||
| CVE-2024-25305 | 1 Code-projects | 1 Simple School Management System | 2024-02-12 | N/A | 8.8 HIGH |
| Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php. | |||||
| CVE-2024-25306 | 1 Code-projects | 1 Simple School Management System | 2024-02-12 | N/A | 8.8 HIGH |
| Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at "School/index.php". | |||||
| CVE-2024-25308 | 1 Code-projects | 1 Simple School Management System | 2024-02-12 | N/A | 8.8 HIGH |
| Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php. | |||||
| CVE-2024-25309 | 1 Code-projects | 1 Simple School Management System | 2024-02-12 | N/A | 8.8 HIGH |
| Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php. | |||||
| CVE-2024-25312 | 1 Code-projects | 1 Simple School Management System | 2024-02-12 | N/A | 8.8 HIGH |
| Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5." | |||||
| CVE-2024-25307 | 1 Code-projects | 1 Cinema Seat Reservation System | 2024-02-12 | N/A | 9.8 CRITICAL |
| Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1." | |||||
| CVE-2024-25310 | 1 Code-projects | 1 Simple School Management System | 2024-02-12 | N/A | 8.8 HIGH |
| Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5." | |||||
| CVE-2024-25314 | 1 Hotel Management System Project | 1 Hotel Management System | 2024-02-12 | N/A | 9.8 CRITICAL |
| Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2. | |||||