Search Results (37405 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-40827 1 Codeigniter 1 Codeigniter 2025-04-09 9.8 Critical
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where() function. Note: Multiple third parties have disputed this as not a valid vulnerability.
CVE-2022-3923 1 Activecampaign 1 Activecampaign For Woocommerce 2025-04-09 4.3 Medium
The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs.
CVE-2024-53473 1 Wegia 1 Wegia 2025-04-09 7.5 High
WeGIA 3.2.0 before 3998672 does not verify permission to change a password.
CVE-2025-22140 1 Wegia 1 Wegia 2025-04-09 8.8 High
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8.
CVE-2025-22141 1 Wegia 1 Wegia 2025-04-09 8.8 High
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint, specifically in the cargo parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8.
CVE-2022-38492 1 Easyvista 1 Service Manager 2025-04-09 7.7 High
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL injection. Version 2022.1.110.1.02 fixes the vulnerability.
CVE-2022-38490 1 Easyvista 1 Service Manager 2025-04-09 9.6 Critical
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. Version 2022.1.110.1.02 corrects this issue.
CVE-2023-39993 1 Wpmet 1 Elements Kit Elementor Addons 2025-04-09 4.3 Medium
Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through 2.9.0.
CVE-2022-4855 1 Lead Management System Project 1 Lead Management System 2025-04-09 7.3 High
A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-217020.
CVE-2022-4864 1 Froxlor 1 Froxlor 2025-04-09 5.4 Medium
Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
CVE-2023-0091 1 Redhat 4 Keycloak, Red Hat Single Sign On, Rhosemc and 1 more 2025-04-09 3.8 Low
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.
CVE-2022-47866 1 Lead Management System Project 1 Lead Management System 2025-04-09 9.8 Critical
Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php.
CVE-2022-47865 1 Lead Management System Project 1 Lead Management System 2025-04-09 9.8 Critical
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php.
CVE-2022-47864 1 Lead Management System Project 1 Lead Management System 2025-04-09 9.8 Critical
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php.
CVE-2022-47862 1 Lead Management System Project 1 Lead Management System 2025-04-09 9.8 Critical
Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php.
CVE-2022-47861 1 Lead Management System Project 1 Lead Management System 2025-04-09 9.8 Critical
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php.
CVE-2022-47860 1 Lead Management System Project 1 Lead Management System 2025-04-09 9.8 Critical
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php.
CVE-2022-47859 1 Lead Management System Project 1 Lead Management System 2025-04-09 9.8 Critical
Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php.
CVE-2022-47790 1 Dynamic Transaction Queuing System Project 1 Dynamic Transaction Queuing System 2025-04-09 9.8 Critical
Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable to SQL Injection via /queuing/index.php?page=display&id=.
CVE-2025-22211 1 Webdesigner-profi 1 Joomshopping 2025-04-09 3.4 Low
A SQL injection vulnerability in the JoomShopping component versions 1.0.0-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the country management area in backend.