Export limit exceeded: 359923 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359923 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 19508 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19508 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25509 | 1 Xooscripts | 1 Xoodigital | 2026-04-15 | 8.2 High |
| XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information. | ||||
| CVE-2019-25530 | 1 Hotel-booking-script | 1 Uhotelbooking System | 2026-04-15 | 8.2 High |
| uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system_page GET parameter. Attackers can send crafted requests to index.php with malicious system_page values using time-based blind SQL injection techniques to extract sensitive database information. | ||||
| CVE-2019-25537 | 1 Netartmedia | 1 Event Portal | 2026-04-15 | 8.2 High |
| Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with malicious SQL payloads in the Email field to extract sensitive database information. | ||||
| CVE-2019-25481 | 1 Iscripts | 1 Reservelogic | 2026-04-15 | 8.2 High |
| iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitive database information. | ||||
| CVE-2019-25473 | 1 Softwebinternational | 1 Clinic Pro | 2026-04-15 | 7.1 High |
| Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthly_expense_overview endpoint with crafted month values using boolean-based blind, time-based blind, or error-based SQL injection techniques to extract sensitive database information. | ||||
| CVE-2019-25535 | 1 Netartmedia | 1 Php Dating Site | 2026-04-15 | 8.2 High |
| Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with time-based SQL injection payloads in the Email field to extract sensitive database information. | ||||
| CVE-2026-25076 | 1 Anchore | 1 Anchore | 2026-04-15 | 7.3 High |
| Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise database. | ||||
| CVE-2019-25533 | 1 Netartmedia | 1 Php Business Directory | 2026-04-15 | 8.2 High |
| Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to the loginaction.php endpoint with crafted SQL payloads in the Email field to extract sensitive database information or bypass authentication. | ||||
| CVE-2019-25532 | 1 Netartmedia | 1 Jobs Portal | 2026-04-15 | 8.2 High |
| Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with crafted SQL payloads in the Email field to extract sensitive database information or bypass authentication. | ||||
| CVE-2018-25192 | 1 Sourceforge | 1 Gps Tracking System | 2026-04-15 | 8.2 High |
| GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit crafted POST requests to the login.php endpoint with SQL injection payloads in the username field to gain unauthorized access without valid credentials. | ||||
| CVE-2018-25182 | 1 Snowhall | 1 Silurus Classifieds Script | 2026-04-15 | 8.2 High |
| Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can send GET requests to wcategory.php with crafted SQL payloads in the ID parameter to extract database table names and sensitive information from the database. | ||||
| CVE-2018-25180 | 1 Salzertechnologies | 1 Maitra | 2026-04-15 | 7.1 High |
| Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers can also download the SQLite database file directly from the application directory to extract sensitive mail tracking data and credentials. | ||||
| CVE-2018-25175 | 1 Alienor | 1 Alienor Web Libre | 2026-04-15 | 8.2 High |
| Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifiant field to extract sensitive database information including usernames, databases, and version details. | ||||
| CVE-2018-25167 | 1 Net-billetterie | 1 Billetterie | 2026-04-15 | 8.2 High |
| Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames, passwords, and system credentials. | ||||
| CVE-2018-25189 | 1 Sourceforge | 1 Data Center Audit | 2026-04-15 | 8.2 High |
| Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive database information including usernames, database names, and version details. | ||||
| CVE-2018-25163 | 1 Bitzoom | 1 Bitzoom | 2026-04-15 | 8.2 High |
| BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. Attackers can submit crafted POST requests with SQL UNION statements to extract database schema information and table contents from the application database. | ||||
| CVE-2018-25196 | 1 Serverzilla | 1 Serverzilla | 2026-04-15 | 8.2 High |
| ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to reset.php with malicious email values containing SQL operators to bypass authentication and extract sensitive database information. | ||||
| CVE-2018-25197 | 1 Playjoom | 1 Playjoom | 2026-04-15 | 8.2 High |
| PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with option=com_playjoom&view=genre&catid=[SQL] to extract sensitive database information including usernames, databases, and version details. | ||||
| CVE-2018-25173 | 1 Sms | 1 Rmedia Sms | 2026-04-15 | 8.2 High |
| Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retrieve schema names and sensitive database data. | ||||
| CVE-2018-25161 | 1 Warrantytrack | 1 Warranty Tracking System | 2026-04-15 | 8.2 High |
| Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements using UNION SELECT to extract sensitive database information including usernames, database names, and version details. | ||||