Export limit exceeded: 19721 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19721 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-54921 1 Lopalopa 1 E-learning Management System 2025-04-14 9.8 Critical
A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters.
CVE-2024-54923 1 Lopalopa 1 E-learning Management System 2025-04-14 9.8 Critical
A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.
CVE-2024-54924 1 Lopalopa 1 E-learning Management System 2025-04-14 9.8 Critical
A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters.
CVE-2022-4161 1 Contest-gallery 1 Contest Gallery 2025-04-14 6.5 Medium
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_start POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.
CVE-2024-54925 1 Lopalopa 1 E-learning Management System 2025-04-14 9.8 Critical
A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.
CVE-2024-53505 2 B3log, Siyuan 2 Siyuan, Siyuan 2025-04-14 9.8 Critical
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent.
CVE-2024-53506 2 B3log, Siyuan 2 Siyuan, Siyuan 2025-04-14 9.8 Critical
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs.
CVE-2024-53507 2 B3log, Siyuan 2 Siyuan, Siyuan 2025-04-14 9.8 Critical
A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems.
CVE-2025-30372 1 Emlog 1 Emlog 2025-04-14 9.8 Critical
Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use addslashes after urldecode, allowing the preceeding addslashes to be bypassed by URL double encoding. This could result in potential leakage of sensitive information from the user database. Version pro-2.5.9 fixes the issue.
CVE-2024-53504 2 B3log, Siyuan 2 Siyuan, Siyuan 2025-04-14 9.8 Critical
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory.
CVE-2024-31545 2 Oretnom23, Sourcecodester 2 Computer Laboratory Management System, Computer Laboratory Management System 2025-04-14 9.4 Critical
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6.
CVE-2024-31547 1 Oretnom23 1 Computer Laboratory Management System 2025-04-14 9.1 Critical
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/item/view_item.php.
CVE-2024-31546 2 Oretnom23, Sourcecodester 2 Computer Laboratory Management System, Computer Laboratory Management System 2025-04-14 9.8 Critical
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php.
CVE-2023-49989 2 Phpgurukul, Pratham-jaiswal 2 Hotel Booking Management System, Hotel Booking Management System 2025-04-14 9.8 Critical
Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php.
CVE-2023-49988 2 Phpgurukul, Pratham-jaiswal 2 Hotel Booking Management System, Hotel Booking Management System 2025-04-14 7.5 High
Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the npss parameter at rooms.php.
CVE-2013-2046 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-2839 1 Dev4press 1 Gd Star Rating 2025-04-12 N/A
SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php.
CVE-2014-1608 2 Debian, Mantisbt 2 Debian Linux, Mantisbt 2025-04-12 N/A
SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.
CVE-2014-1609 2 Debian, Mantisbt 2 Debian Linux, Mantisbt 2025-04-12 N/A
Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in core/news_api.php; the (3) summary_print_by_enum, (4) summary_print_by_age, (5) summary_print_by_developer, (6) summary_print_by_reporter, or (7) summary_print_by_category function in core/summary_api.php; the (8) create_bug_enum_summary or (9) enum_bug_group function in plugins/MantisGraph/core/graph_api.php; (10) bug_graph_bycategory.php or (11) bug_graph_bystatus.php in plugins/MantisGraph/pages/; or (12) proj_doc_page.php, related to use of the db_query function, a different vulnerability than CVE-2014-1608.
CVE-2015-7448 1 Ibm 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more 2025-04-12 N/A
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.