Search Results (19721 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-54921 1 Lopalopa 1 E-learning Management System 2025-04-14 9.8 Critical
A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters.
CVE-2024-54923 1 Lopalopa 1 E-learning Management System 2025-04-14 9.8 Critical
A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.
CVE-2024-54924 1 Lopalopa 1 E-learning Management System 2025-04-14 9.8 Critical
A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters.
CVE-2022-4161 1 Contest-gallery 1 Contest Gallery 2025-04-14 6.5 Medium
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_start POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.
CVE-2024-54925 1 Lopalopa 1 E-learning Management System 2025-04-14 9.8 Critical
A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.
CVE-2024-53505 2 B3log, Siyuan 2 Siyuan, Siyuan 2025-04-14 9.8 Critical
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent.
CVE-2024-53506 2 B3log, Siyuan 2 Siyuan, Siyuan 2025-04-14 9.8 Critical
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs.
CVE-2024-53507 2 B3log, Siyuan 2 Siyuan, Siyuan 2025-04-14 9.8 Critical
A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems.
CVE-2025-30372 1 Emlog 1 Emlog 2025-04-14 9.8 Critical
Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use addslashes after urldecode, allowing the preceeding addslashes to be bypassed by URL double encoding. This could result in potential leakage of sensitive information from the user database. Version pro-2.5.9 fixes the issue.
CVE-2024-53504 2 B3log, Siyuan 2 Siyuan, Siyuan 2025-04-14 9.8 Critical
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory.
CVE-2024-31545 2 Oretnom23, Sourcecodester 2 Computer Laboratory Management System, Computer Laboratory Management System 2025-04-14 9.4 Critical
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6.
CVE-2024-31547 1 Oretnom23 1 Computer Laboratory Management System 2025-04-14 9.1 Critical
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/item/view_item.php.
CVE-2024-31546 2 Oretnom23, Sourcecodester 2 Computer Laboratory Management System, Computer Laboratory Management System 2025-04-14 9.8 Critical
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php.
CVE-2023-49989 2 Phpgurukul, Pratham-jaiswal 2 Hotel Booking Management System, Hotel Booking Management System 2025-04-14 9.8 Critical
Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php.
CVE-2023-49988 2 Phpgurukul, Pratham-jaiswal 2 Hotel Booking Management System, Hotel Booking Management System 2025-04-14 7.5 High
Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the npss parameter at rooms.php.
CVE-2014-5440 1 Mpexsolutions 1 Mx-smartimer 2025-04-12 N/A
SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter.
CVE-2015-2199 1 Wonderplugin 1 Audio Player 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.
CVE-2015-3346 1 Wikiwiki Project 1 Wikiwiki 2025-04-12 N/A
SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5023 1 Ibm 1 Curam Social Program Management 2025-04-12 N/A
SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-8306 1 C97 1 Cart Engine 2025-04-12 N/A
SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter.