Total
12999 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35066 | 1 Infodrom | 1 E-invoice Approval System | 2024-10-23 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection.This issue affects E-Invoice Approval System: before v.20230701. | ||||
| CVE-2024-42005 | 2 Djangoproject, Redhat | 4 Django, Ansible Automation Platform, Satellite and 1 more | 2024-10-23 | 9.8 Critical |
| An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. | ||||
| CVE-2024-25210 | 1 Rems | 1 Simple Expense Tracker App | 2024-10-23 | 9.8 Critical |
| Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php. | ||||
| CVE-2024-25211 | 1 Rems | 1 Simple Expense Tracker App | 2024-10-23 | 9.8 Critical |
| Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php. | ||||
| CVE-2024-25209 | 1 Rems | 1 Barangay Population Monitoring System | 2024-10-23 | 9.8 Critical |
| Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php. | ||||
| CVE-2024-25217 | 1 Oretnom23 | 1 Online Medicine Ordering System | 2024-10-23 | 9.8 Critical |
| Online Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /omos/?p=products/view_product. | ||||
| CVE-2024-25223 | 1 Code-projects | 1 Simple Admin Panel | 2024-10-23 | 9.8 Critical |
| Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php. | ||||
| CVE-2024-22625 | 1 Campcodes | 1 Supplier Management System | 2024-10-23 | 7.2 High |
| Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_category.php?id=. | ||||
| CVE-2023-25196 | 1 Apache | 1 Fineract | 2024-10-23 | 4.3 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through 1.8.2. | ||||
| CVE-2023-25197 | 1 Apache | 1 Fineract | 2024-10-23 | 6.3 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract. Authorized users may be able to exploit this for limited impact on components. This issue affects apache fineract: from 1.4 through 1.8.2. | ||||
| CVE-2024-47223 | 1 Mitel | 1 Micollab | 2024-10-23 | 9.4 Critical |
| A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access non-sensitive user provisioning information and execute arbitrary SQL database commands. | ||||
| CVE-2024-48597 | 1 Online Clinic Management System Project | 1 Online Clinic Management System | 2024-10-23 | 8.1 High |
| Online Clinic Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /success/editp.php?action=edit. | ||||
| CVE-2024-35286 | 1 Mitel | 1 Micollab Nupoint Messanger | 2024-10-23 | 9.8 Critical |
| A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations. | ||||
| CVE-2024-39753 | 1 Trendmicro | 1 Apex One | 2024-10-23 | 7.5 High |
| An modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2023-26859 | 1 Brevo | 1 Brevo | 2024-10-23 | 9.8 Critical |
| SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allow a remote attacker to gain privileges via the ajaxOrderTracking.php component. | ||||
| CVE-2024-10169 | 2 Code-projects, Fabianros | 2 Hospital Management System, Hospital Management System | 2024-10-23 | 6.3 Medium |
| A vulnerability classified as critical was found in code-projects Hospital Management System 1.0. This vulnerability affects unknown code of the file change-password.php. The manipulation of the argument cpass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10196 | 1 Code-projects | 1 Pharmacy Management System | 2024-10-23 | 6.3 Medium |
| A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /add_new_invoice.php. The manipulation of the argument text leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-26120 | 1 Fortinet | 1 Fortiadc | 2024-10-22 | 5.4 Medium |
| Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | ||||
| CVE-2023-34991 | 1 Fortinet | 1 Fortiwlm | 2024-10-22 | 9.3 Critical |
| A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request. | ||||
| CVE-2022-33875 | 1 Fortinet | 1 Fortiadc | 2024-10-22 | 5.1 Medium |
| An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | ||||