Total
17697 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55065 | 2026-01-02 | N/A | 7.5 HIGH | ||
| CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | |||||
| CVE-2025-15169 | 1 Biggidroid | 1 Simple Php Cms | 2026-01-02 | 5.8 MEDIUM | 4.7 MEDIUM |
| A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected by this issue is some unknown functionality of the file /admin/editsite.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-15353 | 1 Angeljudesuarez | 1 Society Management System | 2026-01-02 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is the function edit_admin_query of the file /admin/edit_admin_query.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. | |||||
| CVE-2025-15243 | 1 Carmelo | 1 Simple Stock System | 2026-01-02 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2025-15209 | 1 Fabian | 1 Refugee Food Management System | 2026-01-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown part of the file /home/editfood.php. This manipulation of the argument a/b/c/d causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-15210 | 1 Fabian | 1 Refugee Food Management System | 2025-12-31 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This vulnerability affects unknown code of the file /home/editrefugee.php. Such manipulation of the argument a/b/c/sex/d/e/nationality_nid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-15211 | 1 Fabian | 1 Refugee Food Management System | 2025-12-31 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationality_nid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. | |||||
| CVE-2025-15212 | 1 Fabian | 1 Refugee Food Management System | 2025-12-31 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in code-projects Refugee Food Management System 1.0. This issue affects some unknown processing of the file /home/regfood.php. Performing manipulation of the argument a results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. | |||||
| CVE-2025-15354 | 1 Angeljudesuarez | 1 Society Management System | 2025-12-31 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/add_admin.php. Executing manipulation of the argument Username can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2024-44065 | 1 Magicbug | 1 Cloudlog | 2025-12-31 | N/A | 9.8 CRITICAL |
| Time-based blind SQL Injection vulnerability in Cloudlog v2.6.15 at the endpoint /index.php/logbookadvanced/search in the qsoresults parameter. | |||||
| CVE-2025-46268 | 1 Advantech | 1 Webaccess\/scada | 2025-12-31 | N/A | 6.3 MEDIUM |
| Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands. | |||||
| CVE-2025-63948 | 1 Craigtaub | 1 Phpmsadmin | 2025-12-31 | N/A | 5.4 MEDIUM |
| A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the database_mode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation. | |||||
| CVE-2023-53917 | 1 Powerstonegh | 1 Affiliate Me | 2025-12-31 | N/A | 6.5 MEDIUM |
| Affiliate Me version 5.0.1 contains a SQL injection vulnerability in the admin.php endpoint that allows authenticated administrators to manipulate database queries. Attackers can exploit the 'id' parameter with crafted union-based queries to extract sensitive user information including usernames and password hashes. | |||||
| CVE-2024-58308 | 1 Opensolution | 1 Quick Cms | 2025-12-31 | N/A | 9.8 CRITICAL |
| Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system. | |||||
| CVE-2025-64519 | 1 Torrentpier | 1 Torrentpier | 2025-12-31 | N/A | 8.8 HIGH |
| TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel (`modcp.php`). Users with moderator permissions can exploit this vulnerability by supplying a malicious `topic_id` (`t`) parameter. This allows an authenticated moderator to execute arbitrary SQL queries, leading to the potential disclosure, modification, or deletion of any data in the database. Although it requires moderator privileges, it is still severe. A malicious or compromised moderator account can leverage this vulnerability to read, modify, or delete data. A patch is available at commit 6a0f6499d89fa5d6e2afa8ee53802a1ad11ece80. | |||||
| CVE-2021-47720 | 1 Orangescrum | 1 Orangescrum | 2025-12-31 | N/A | 7.1 HIGH |
| Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like old_project_id, project_id, uuid, and uniqid to potentially extract or modify database information. | |||||
| CVE-2025-30774 | 1 Ays-pro | 1 Quiz Maker | 2025-12-31 | N/A | 8.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Quiz Maker allows SQL Injection. This issue affects Quiz Maker: from n/a through 6.6.8.7. | |||||
| CVE-2025-64280 | 1 Centralsquare | 1 Community Development | 2025-12-31 | N/A | 9.8 CRITICAL |
| A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field. | |||||
| CVE-2025-56385 | 1 Wellsky | 1 Harmony | 2025-12-31 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL query. Successful authentication may lead to authentication bypass, data leakage, or full system compromise of backend database contents. | |||||
| CVE-2025-15004 | 1 Dedecms | 1 Dedecms | 2025-12-31 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelist_main.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | |||||