| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where() function. Note: Multiple third parties have disputed this as not a valid vulnerability. |
| The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs. |
| WeGIA 3.2.0 before 3998672 does not verify permission to change a password. |
| WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8. |
| WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint, specifically in the cargo parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8. |
| An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL injection. Version 2022.1.110.1.02 fixes the vulnerability. |
| An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. Version 2022.1.110.1.02 corrects this issue. |
| Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through 2.9.0. |
| A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-217020. |
| Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. |
| A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information. |
| Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php. |
| Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php. |
| Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php. |
| Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php. |
| Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php. |
| Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php. |
| Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php. |
| Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable to SQL Injection via /queuing/index.php?page=display&id=. |
| A SQL injection vulnerability in the JoomShopping component versions 1.0.0-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the country management area in backend. |