Search Results (37332 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-22452 1 Phpmyadmin 1 Phpmyadmin 2025-04-01 9.8 Critical
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.
CVE-2022-41142 1 Centreon 1 Centreon 2025-04-01 8.8 High
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to configure poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18304.
CVE-2022-42396 1 Pdf-xchange 1 Pdf-xchange Editor 2025-04-01 7.8 High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18278.
CVE-2024-3852 2 Mozilla, Redhat 7 Firefox, Thunderbird, Enterprise Linux and 4 more 2025-04-01 7.5 High
GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVE-2023-22579 1 Sequelizejs 1 Sequelize 2025-04-01 9.9 Critical
Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.
CVE-2024-51065 1 Phpgurukul 1 Beauty Parlour Management System 2025-03-31 9.8 Critical
Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via the the username parameter.
CVE-2024-51064 1 Phpgurukul 1 Teachers Record Management System 2025-03-31 9.8 Critical
Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php.
CVE-2024-51063 1 Phpgurukul 1 Teachers Record Management System 2025-03-31 9.1 Critical
Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection in add-teacher.php via the mobile number or email parameter.
CVE-2024-46472 1 Codeastro 1 Membership Management System 2025-03-31 8.6 High
CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter 'email' in the Login Page.
CVE-2021-38360 1 Wp-publications Project 1 Wp-publications 2025-03-31 8.3 High
The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0.
CVE-2021-34648 1 Ninjaforms 1 Ninja Forms 2025-03-31 6.4 Medium
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the /ninja-forms-submissions/email-action REST API which can be used to socially engineer victims.
CVE-2022-44297 1 Sscms 1 Siteserver Cms 2025-03-31 9.8 Critical
SiteServer CMS 7.1.3 has a SQL injection vulnerability the background.
CVE-2021-34647 1 Ninjaforms 1 Ninja Forms 2025-03-31 6.5 Medium
The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the /ninja-forms-submissions/export REST API which can include personally identifiable information.
CVE-2021-39347 1 Paymentplugins 1 Stripe For Woocommerce 2025-03-31 4.3 Medium
The Stripe for WooCommerce WordPress plugin is missing a capability check on the save() function found in the ~/includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases with their payment accounts. This affects versions 3.0.0 - 3.3.9.
CVE-2021-39321 1 Heateor 1 Sassy Social Share 2025-03-31 8.8 High
Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user supplied inputs via the import_config function found in the ~/admin/class-sassy-social-share-admin.php file. This can be exploited by underprivileged authenticated users due to a missing capability check on the import_config function.
CVE-2021-39341 1 Optinmonster 1 Optinmonster 2025-03-31 8.2 High
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.
CVE-2022-42418 1 Pdf-xchange 1 Pdf-xchange Editor 2025-03-31 7.8 High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18677.
CVE-2024-48280 1 Phpgurukul 2 User Registration \& Login And User Management System, User Registration And Login And User Management System 2025-03-31 7.6 High
A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL command via the fromdate parameter in a POST HTTP request.
CVE-2024-48282 1 Phpgurukul 2 User Registration \& Login And User Management System, User Registration And Login And User Management System 2025-03-31 7.6 High
A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the femail parameter in a POST HTTP request.
CVE-2024-28557 1 Mayurik 1 Php Task Management System 2025-03-31 9.8 Critical
SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php.