Total: 14524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45535 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | N/A | 4.9 MEDIUM |
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information. | |||||
CVE-2022-45529 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | N/A | 4.9 MEDIUM |
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information. | |||||
CVE-2022-45331 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | N/A | 7.5 HIGH |
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information. | |||||
CVE-2022-45330 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | N/A | 7.5 HIGH |
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information. | |||||
CVE-2022-44139 | 1 Apartment Visitors Management System Project | 1 Apartment Visitors Management System | 2025-04-25 | N/A | 9.8 CRITICAL |
Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php. | |||||
CVE-2022-44120 | 1 Dedebiz | 1 Dedecmsv6 | 2025-04-25 | N/A | 9.8 CRITICAL |
Dedecmsv6 6.1.9 is vulnerable to SQL Injection via sys_sql_query.php. | |||||
CVE-2022-45278 | 1 Jizhicms | 1 Jizhicms | 2025-04-25 | N/A | 8.8 HIGH |
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. | |||||
CVE-2022-44399 | 1 Poultry Farm Management System Project | 1 Poultry Farm Management System | 2025-04-25 | N/A | 9.8 CRITICAL |
Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php. | |||||
CVE-2022-44278 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-25 | N/A | 7.2 HIGH |
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=. | |||||
CVE-2022-44140 | 1 Jizhicms | 1 Jizhicms | 2025-04-25 | N/A | 8.8 HIGH |
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component. | |||||
CVE-2022-36193 | 1 Lahirudanushka | 1 School Management System | 2025-04-25 | N/A | 9.8 CRITICAL |
SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries. | |||||
CVE-2024-25469 | 1 Crmeb | 1 Crmeb Java | 2025-04-25 | N/A | 7.5 HIGH |
SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component. | |||||
CVE-2025-25775 | | | 2025-04-25 | N/A | 9.8 CRITICAL |
Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder. | |||||
CVE-2022-3848 | 1 Wp User Merger Project | 1 Wp User Merger | 2025-04-25 | N/A | 8.8 HIGH |
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin. | |||||
CVE-2025-29529 | | | 2025-04-25 | N/A | 6.5 MEDIUM |
ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was discovered to contain a SQL injection vulnerability via the component Forgotpassword.aspx. | |||||
CVE-2025-28076 | | | 2025-04-25 | N/A | 6.5 MEDIUM |
Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 and CO2Scope <= 1.3.4 allow remote authenticated attackers to execute arbitrary SQL commands via the (1) timeago, (2) user, (3) filter, (4) target, (5) p1, (6) p2, (7) p3, (8) p4, (9) p5, (10) p6, (11) p7, (12) p8, (13) p9, (14) p10, (15) p11, (16) p12, (17) p13, (18) p14, (19) p15, (20) p16, (21) p17, (22) p18, (23) p19, or (24) p20 parameter to /api/management/updateihmsettings; the (25) ID, (26) NAME, (27) CPUTHREADNB, (28) RAMCAP, or (29) DISKCAP parameter to /api/capaplan/savetemplates. | |||||
CVE-2022-42109 | 1 Online-shopping-system-advanced Project | 1 Online-shopping-system-advanced | 2025-04-25 | N/A | 9.8 CRITICAL |
Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php. | |||||
CVE-2022-45329 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | N/A | 7.5 HIGH |
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information. | |||||
CVE-2022-3768 | 1 Wpsmartcontracts | 1 Wpsmartcontracts | 2025-04-25 | N/A | 8.8 HIGH |
The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author. | |||||
CVE-2022-3751 | 1 Owncast Project | 1 Owncast | 2025-04-25 | N/A | 9.8 CRITICAL |
SQL Injection in GitHub repository owncast/owncast prior to 0.0.13. |