Search Results (37564 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-1665 1 Oscmax 1 Oscmax 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php.
CVE-2016-7405 3 Adodb Project, Fedoraproject, Php 3 Adodb, Fedora, Php 2025-04-12 N/A
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
CVE-2021-45467 1 Control-webpanel 1 Webpanel 2025-04-12 9.8 Critical
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/account_new_create&acc=guadaapi URI. Any number of %00 instances can be used, e.g., .%00%00%00./.%00%00%00./api/account_new_create could also be used for the scripts parameter.
CVE-2022-24119 1 Ge 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more 2025-04-12 9.8 Critical
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0.
CVE-2022-44137 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-11 7.2 High
SourceCodester Sanitization Management System 1.0 is vulnerable to SQL Injection.
CVE-2013-10005 1 Socks5 Project 1 Socks5 2025-04-11 7.5 High
The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow.
CVE-2025-25877 1 Angeljudesuarez 1 Simple Chatbox 2025-04-11 3.8 Low
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /admin.php. The attack can use SQL injection to obtain sensitive data.
CVE-2025-1381 1 Code-projects 1 Real Estate Property Management System 2025-04-11 6.3 Medium
A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax_city.php. The manipulation of the argument CityName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-55073 1 Mealie 1 Mealie 2025-04-11 7.6 High
A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household.
CVE-2025-25686 1 Sem-cms 1 Semcms 2025-04-11 9.8 Critical
semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php.
CVE-2024-55070 1 Mealie 1 Mealie 2025-04-11 3.1 Low
A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions.
CVE-2025-2831 1 Mingyuefusu 1 Library Management System 2025-04-11 6.3 Medium
A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /admin/bookList?page=1&limit=10. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2832 1 Mingyuefusu 1 Library Management System 2025-04-11 4.3 Medium
A vulnerability was found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-35354 1 Dino Physics School Assistant Project 1 Dino Physics School Assistant 2025-04-11 9.8 Critical
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=save_category. Manipulating the argument id can result in SQL injection.
CVE-2024-35355 1 Dino Physics School Assistant Project 1 Dino Physics School Assistant 2025-04-11 9.8 Critical
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=delete_category. Manipulating the argument id can result in SQL injection.
CVE-2024-35356 1 Dino Physics School Assistant Project 1 Dino Physics School Assistant 2025-04-11 6.3 Medium
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=save_item. Manipulating the argument id can result in SQL injection.
CVE-2024-35357 1 Dino Physics School Assistant Project 1 Dino Physics School Assistant 2025-04-11 5.3 Medium
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=delete_item. Manipulating the argument id can result in SQL injection.
CVE-2024-35350 1 Dino Physics School Assistant Project 1 Dino Physics School Assistant 2025-04-11 9.8 Critical
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /admin/?page=borrow/view_borrow. Manipulating the argument id can result in SQL injection.
CVE-2024-35358 1 Dino Physics School Assistant Project 1 Dino Physics School Assistant 2025-04-11 6.5 Medium
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=view_category. Manipulating the argument id can result in SQL injection.
CVE-2024-35353 1 Dino Physics School Assistant Project 1 Dino Physics School Assistant 2025-04-11 9.8 Critical
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Users.php?f=save. Manipulating the argument id can result in improper authorization.