Export limit exceeded: 363638 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 19727 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19727 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5052 | 1 Sefrengo | 1 Sefrengo | 2025-04-20 | N/A |
| SQL injection vulnerability in Sefrengo before 1.6.5 beta2. | ||||
| CVE-2017-17983 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2025-04-20 | N/A |
| PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter. | ||||
| CVE-2017-17917 | 1 Rubyonrails | 1 Rails | 2025-04-20 | 8.1 High |
| SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input | ||||
| CVE-2017-15960 | 1 Yourarticlesdirectory | 1 Article Directory Script | 2025-04-20 | N/A |
| Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php. | ||||
| CVE-2017-15961 | 1 Iproject Management System Project | 1 Iproject Management System | 2025-04-20 | N/A |
| iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php. | ||||
| CVE-2017-11414 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | N/A |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id']. | ||||
| CVE-2017-15963 | 1 Itechscripts | 1 Gigs Script | 2025-04-20 | N/A |
| iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter. | ||||
| CVE-2017-12567 | 1 Quest | 3 K1000 As A Service, Kace Asset Management Appliance, Kace Systems Management Appliance | 2025-04-20 | N/A |
| SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2. | ||||
| CVE-2017-15968 | 1 Contractorscripts | 1 Mybuildersite | 2025-04-20 | N/A |
| MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter. | ||||
| CVE-2017-12585 | 1 Slims | 1 Akasia | 2025-04-20 | N/A |
| SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users. | ||||
| CVE-2016-10134 | 1 Zabbix | 1 Zabbix | 2025-04-20 | N/A |
| SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. | ||||
| CVE-2024-31507 | 2 Online Graduate Tracer System Project, Tamparongj03 | 2 Online Graduate Tracer System, Online Graduate Tracer System | 2025-04-18 | 8.6 High |
| Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "request" parameter in admin/fetch_gendercs.php. | ||||
| CVE-2023-45503 | 1 Macs Cms Project | 1 Macs Cms | 2025-04-18 | 5.3 Medium |
| SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints. | ||||
| CVE-2024-50717 | 1 Smarts-srl | 1 Smart Agent | 2025-04-18 | 9.8 Critical |
| SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the client parameter in the /recuperaLog.php component. | ||||
| CVE-2024-34220 | 2 Oretnom23, Sourcecodester | 2 Human Resource Management System, Human Resource Management System | 2025-04-18 | 7.5 High |
| Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter. | ||||
| CVE-2024-34222 | 2 Oretnom23, Sourcecodester | 2 Human Resource Management System, Human Resource Management System | 2025-04-18 | 5.9 Medium |
| Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter. | ||||
| CVE-2022-20518 | 1 Google | 1 Android | 2025-04-18 | 5.5 Medium |
| In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770203 | ||||
| CVE-2022-20517 | 1 Google | 1 Android | 2025-04-18 | 5.5 Medium |
| In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224769956 | ||||
| CVE-2024-57095 | 1 Go-admin | 1 Go-cms | 2025-04-18 | 6.8 Medium |
| SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacker to execute arbitrary code via a crafted payload. | ||||
| CVE-2025-0950 | 1 Angeljudesuarez | 1 Tailoring Management System | 2025-04-18 | 6.3 Medium |
| A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file staffview.php. The manipulation of the argument staffid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||