Total: 17794 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2998 | 1 Trend Micro | 1 Control Manager | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4936 | 1 Spirate | 1 Small Pirate | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php. | |||||
| CVE-2011-5071 | 1 Sitracker | 1 Support Incident Tracker | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4805 | 1 Will Kraft | 1 Ez-blog | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the storyid parameter to public/view.php or (2) the kill parameter to admin/remove.php. | |||||
| CVE-2024-2585 | 1 Amss++ Project | 1 Amss++ | 2025-04-10 | N/A | 8.2 HIGH |
| Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send_2.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | |||||
| CVE-2023-36813 | 1 Kanboard | 1 Kanboard | 2025-04-10 | N/A | 7.1 HIGH |
| Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue. | |||||
| CVE-2022-4059 | 1 Blocksera | 1 Cryptocurrency Widgets Pack | 2025-04-10 | N/A | 9.8 CRITICAL |
| The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | |||||
| CVE-2025-26605 | 1 Wegia | 1 Wegia | 2025-04-10 | N/A | 8.8 HIGH |
| WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_cargo.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-25910 | 1 Skymoonlabs | 1 Moveto | 2025-04-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2. | |||||
| CVE-2024-5314 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2025-04-10 | N/A | 9.1 CRITICAL |
| Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder and sortfield in /dolibarr/admin/dict.php. | |||||
| CVE-2024-5315 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2025-04-10 | N/A | 9.1 CRITICAL |
| Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters viewstatut in /dolibarr/commande/list.php. | |||||
| CVE-2022-4360 | 1 Wp Rss By Publishers Project | 1 Wp Rss By Publishers | 2025-04-10 | N/A | 7.2 HIGH |
| The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
| CVE-2023-6191 | 1 Webpdks | 1 Webpdks | 2025-04-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egehan Security WebPDKS allows SQL Injection. This issue affects WebPDKS: through 20240329. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-57631 | 1 Monetdb | 1 Monetdb | 2025-04-10 | N/A | 7.5 HIGH |
| An issue in the exp_ref component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2024-57632 | 1 Monetdb | 1 Monetdb | 2025-04-10 | N/A | 7.5 HIGH |
| An issue in the is_column_unique component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2024-57633 | 1 Monetdb | 1 Monetdb | 2025-04-10 | N/A | 7.5 HIGH |
| An issue in the exps_bind_column component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2024-57634 | 1 Monetdb | 1 Monetdb | 2025-04-10 | N/A | 7.5 HIGH |
| An issue in the exp_copy component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2024-57624 | 1 Monetdb | 1 Monetdb | 2025-04-10 | N/A | 7.5 HIGH |
| An issue in the exp_atom component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2024-57625 | 1 Monetdb | 1 Monetdb | 2025-04-10 | N/A | 7.5 HIGH |
| An issue in the merge_table_prune_and_unionize component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2024-57626 | 1 Monetdb | 1 Monetdb | 2025-04-10 | N/A | 7.5 HIGH |
| An issue in the mat_join2 component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
