Search Results (19785 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-52724 1 Zzcms 1 Zzcms 2025-04-21 9.8 Critical
ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php.
CVE-2022-41272 1 Sap 1 Netweaver Process Integration 2025-04-21 9.9 Critical
An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system. This allows the attacker to have full read access to user data, make limited modifications to user data, and degrade the performance of the system, leading to a high impact on confidentiality and a limited impact on the availability and integrity of the application.
CVE-2024-50713 1 Smarts-srl 1 Smart Agent 2025-04-21 9.8 Critical
SmartAgent v1.1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/interface.php.
CVE-2024-50716 1 Smarts-srl 1 Smart Agent 2025-04-21 9.8 Critical
SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the id parameter in the /sendPushManually.php component.
CVE-2022-46127 1 Helmet Store Showroom Site Project 1 Helmet Store Showroom Site 2025-04-21 7.2 High
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product.
CVE-2021-31650 1 Online Grading System Project 1 Online Grading System 2025-04-21 9.8 Critical
A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter.
CVE-2022-24281 1 Siemens 1 Sinec Network Management System 2025-04-21 7.2 High
A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application.
CVE-2016-8341 1 Ecava 1 Integraxor 2025-04-20 N/A
An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands.
CVE-2017-15971 1 Softdatepro 1 Same Date Pro 2025-04-20 9.8 Critical
Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972.
CVE-2017-15970 1 Phpcityportal 1 Phpcityportal 2025-04-20 N/A
PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter.
CVE-2017-17917 1 Rubyonrails 1 Rails 2025-04-20 8.1 High
SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input
CVE-2017-15959 1 Adultscriptpro 1 Adultscriptpro 2025-04-20 N/A
Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.
CVE-2016-9087 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter.
CVE-2017-15958 1 Domainzaar 1 D-park Pro 2025-04-20 N/A
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
CVE-2017-15946 1 Selfget 1 Tag Meta 2025-04-20 N/A
In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET.
CVE-2017-15933 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 N/A
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php.
CVE-2017-15965 1 Nswd 1 Ns Download Shop 2025-04-20 N/A
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.
CVE-2017-15919 1 Accesspressthemes 1 Ultimate-form-builder-lite 2025-04-20 N/A
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php.
CVE-2017-5347 1 Metalgenix 1 Genixcms 2025-04-20 N/A
SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php.
CVE-2016-7400 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action.