Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-89
Total 14524 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-46546 2025-04-25 N/A 3.5 LOW
In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll, /api/gui/processVersion/export/csv/, /api/gui/processVersion/export/xlsx/, /api/gui/processVersion/list/, /api/gui/robot/list/, /api/gui/task/export/csv/, /api/gui/task/export/xlsx/, and /api/gui/task/list/.
CVE-2022-44291 1 Webtareas Project 1 Webtareas 2025-04-24 N/A 9.8 CRITICAL
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.
CVE-2022-44290 1 Webtareas Project 1 Webtareas 2025-04-24 N/A 9.8 CRITICAL
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.
CVE-2022-44277 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-24 N/A 7.2 HIGH
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product.
CVE-2022-45328 1 Church Management System Project 1 Church Management System 2025-04-24 N/A 7.2 HIGH
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php.
CVE-2022-44348 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-24 N/A 7.2 HIGH
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_status.php?id=.
CVE-2022-44347 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-24 N/A 7.2 HIGH
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/view_inquiry&id=.
CVE-2022-44345 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-24 N/A 7.2 HIGH
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=quotes/view_quote&id=.
CVE-2022-44296 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-24 N/A 7.2 HIGH
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/quotes/manage_remark.php?id=.
CVE-2022-44295 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-24 N/A 7.2 HIGH
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/assign_team.php?id=.
CVE-2022-44294 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-24 N/A 7.2 HIGH
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manage_service&id=.
CVE-2022-44151 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-24 N/A 9.8 CRITICAL
Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.
CVE-2022-30528 1 Isic.lk Project 1 Isic.lk 2025-04-24 N/A 9.8 CRITICAL
SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php.
CVE-2024-54927 1 Lopalopa 1 E-learning Management System 2025-04-24 N/A 7.2 HIGH
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php.
CVE-2024-54928 1 Lopalopa 1 E-learning Management System 2025-04-24 N/A 7.2 HIGH
kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php,
CVE-2025-46248 2025-04-24 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in M A Vinoth Kumar Frontend Dashboard allows SQL Injection. This issue affects Frontend Dashboard: from n/a through 2.2.5.
CVE-2025-44135 2025-04-24 N/A 6.5 MEDIUM
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 in /Scheduling/pages/profile_update.php. Manipulating the parameter username will cause SQL injection attacks.
CVE-2025-44134 2025-04-24 N/A 6.5 MEDIUM
A vulnerability was found in Code-Projects Online Class and Exam Scheduling System 1.0 in the file /Scheduling/pages/class_save.php. Manipulation of parameter class will lead to SQL injection attacks.
CVE-2025-39377 2025-04-24 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Appsero Helper allows SQL Injection. This issue affects Appsero Helper: from n/a through 1.3.4.
CVE-2024-54934 1 Lopalopa 1 E-learning Management System 2025-04-24 N/A 9.8 CRITICAL
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.