Search Results (19727 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-6028 1 Castlerock 1 Snmpc 2025-04-20 8.8 High
Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter.
CVE-2015-5052 1 Sefrengo 1 Sefrengo 2025-04-20 N/A
SQL injection vulnerability in Sefrengo before 1.6.5 beta2.
CVE-2016-3694 1 Modified 1 Ecommerce Shopsoftware 2025-04-20 N/A
Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php.
CVE-2015-8355 1 Orion-soft 1 Bitrix 2025-04-20 N/A
Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php.
CVE-2015-3616 1 Fortinet 7 Fortimanager 2000e, Fortimanager 200d, Fortimanager 3000f and 4 more 2025-04-20 N/A
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
CVE-2016-10204 1 Zoneminder 1 Zoneminder 2025-04-20 N/A
SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php.
CVE-2015-7670 1 Support Ticket System Project 1 Support Ticket System 2025-04-20 N/A
Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter.
CVE-2016-4893 1 Setucocms Project 1 Setucocms 2025-04-20 N/A
SQL injection vulnerability in the SetsucoCMS all versions allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-10378 1 E107 1 E107 2025-04-20 N/A
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
CVE-2015-2146 1 Phpbugtracker Project 1 Phpbugtracker 2025-04-20 N/A
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php.
CVE-2015-2147 1 Phpbugtracker Project 1 Phpbugtracker 2025-04-20 N/A
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.
CVE-2024-31507 2 Online Graduate Tracer System Project, Tamparongj03 2 Online Graduate Tracer System, Online Graduate Tracer System 2025-04-18 8.6 High
Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "request" parameter in admin/fetch_gendercs.php.
CVE-2023-45503 1 Macs Cms Project 1 Macs Cms 2025-04-18 5.3 Medium
SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints.
CVE-2024-50717 1 Smarts-srl 1 Smart Agent 2025-04-18 9.8 Critical
SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the client parameter in the /recuperaLog.php component.
CVE-2024-34220 2 Oretnom23, Sourcecodester 2 Human Resource Management System, Human Resource Management System 2025-04-18 7.5 High
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter.
CVE-2024-34222 2 Oretnom23, Sourcecodester 2 Human Resource Management System, Human Resource Management System 2025-04-18 5.9 Medium
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter.
CVE-2022-20518 1 Google 1 Android 2025-04-18 5.5 Medium
In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770203
CVE-2022-20517 1 Google 1 Android 2025-04-18 5.5 Medium
In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224769956
CVE-2024-57095 1 Go-admin 1 Go-cms 2025-04-18 6.8 Medium
SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacker to execute arbitrary code via a crafted payload.
CVE-2025-0950 1 Angeljudesuarez 1 Tailoring Management System 2025-04-18 6.3 Medium
A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file staffview.php. The manipulation of the argument staffid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.