Total
17789 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45069 | 1 Total-soft | 1 Video Gallery | 2025-02-26 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery – Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3. | |||||
| CVE-2023-35911 | 1 Creative-solutions | 1 Contact Form Generator | 2025-02-26 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0. | |||||
| CVE-2024-0610 | 1 Papaki | 1 Piraeus Bank Woocommerce Payment Gateway | 2025-02-26 | N/A | 9.8 CRITICAL |
| The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-5356 | 1 Anji-plus | 1 Aj-report | 2025-02-26 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266268. | |||||
| CVE-2025-1726 | 2025-02-26 | N/A | 4.3 MEDIUM | ||
| There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows and Linux that allows a remote, authenticated attacker with low privileges to improperly read limited database schema information by passing crafted queries. While it is possible to enumerate some internal database identifiers, the impact to the confidentiality vector is "LOW' because any sensitive data returned in a response is encrypted. There is no evidence of impact to the integrity or availability vectors. This issue is addressed in ArcGIS Monitor 2024.1. | |||||
| CVE-2023-27041 | 1 School Registration And Fee System Project | 1 School Registration And Fee System | 2025-02-26 | N/A | 9.8 CRITICAL |
| School Registration and Fee System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at/bilal final/edit_user.php. | |||||
| CVE-2024-12030 | 1 Pluginus | 1 Wordpress Meta Data And Taxonomies Filter | 2025-02-26 | N/A | 6.5 MEDIUM |
| The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdf_value' shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2023-27709 | 1 Dedecms | 1 Dedecms | 2025-02-26 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint. | |||||
| CVE-2023-27707 | 1 Dedecms | 1 Dedecms | 2025-02-26 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint. | |||||
| CVE-2023-27569 | 1 Prestashop | 1 Eo Tags | 2025-02-26 | N/A | 9.8 CRITICAL |
| The eo_tags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header. | |||||
| CVE-2023-27250 | 1 Online Book Store Project Project | 1 Online Book Store Project | 2025-02-26 | N/A | 9.8 CRITICAL |
| Online Book Store Project v1.0 is vulnerable to SQL Injection via /bookstore/bookPerPub.php. | |||||
| CVE-2024-29001 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-26 | N/A | 7.5 HIGH |
| A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited. | |||||
| CVE-2024-28996 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-26 | N/A | 7.5 HIGH |
| The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability. | |||||
| CVE-2023-50395 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-26 | N/A | 8.0 HIGH |
| SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited | |||||
| CVE-2023-35188 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-26 | N/A | 8.0 HIGH |
| SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. | |||||
| CVE-2023-27570 | 1 Prestashop | 1 Eo Tags | 2025-02-26 | N/A | 9.8 CRITICAL |
| The eo_tags package before 1.4.19 for PrestaShop allows SQL injection via a crafted _ga cookie. | |||||
| CVE-2023-1466 | 1 Oretnom23 | 1 Student Study Center Desk Management System | 2025-02-26 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(SLEEP(5)))FWlC) AND 'butz'='butz leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223325 was assigned to this vulnerability. | |||||
| CVE-2024-2351 | 1 Codeastro | 1 Ecommerce Website | 2025-02-26 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in CodeAstro Ecommerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file action.php of the component Search. The manipulation of the argument cat_id/brand_id/keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256303. | |||||
| CVE-2024-2333 | 1 Codeastro | 1 Membership Management System | 2025-02-26 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in CodeAstro Membership Management System 1.0. Affected is an unknown function of the file /add_members.php. The manipulation of the argument fullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256284. | |||||
| CVE-2023-1152 | 1 Utarit | 1 Persolus | 2025-02-26 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies Persolus allows SQL Injection. This issue affects Persolus: before 2.03.93. | |||||