Total
12999 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-48604 | 1 Sciencelogic | 1 Sl1 | 2024-10-10 | 8.8 High |
| A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2024-38348 | 2 Code-projects, Health Care Hospital Management System Project | 2 Health Care Hospital Management System, Health Care Hospital Management System | 2024-10-10 | 6.5 Medium |
| CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter. | ||||
| CVE-2023-39292 | 1 Mitel | 3 Mivoice Office 400, Mivoice Office 400 Smb Controller, Mivoice Office 400 Smb Controller Firmware | 2024-10-09 | 9.8 Critical |
| A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations. | ||||
| CVE-2022-48599 | 1 Sciencelogic | 1 Sl1 | 2024-10-09 | 8.8 High |
| A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-48600 | 1 Sciencelogic | 1 Sl1 | 2024-10-09 | 8.8 High |
| A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2022-48601 | 1 Sciencelogic | 1 Sl1 | 2024-10-09 | 8.8 High |
| A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2023-36311 | 1 Phpjabbers | 1 Document Creator | 2024-10-09 | 9.8 Critical |
| There is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. | ||||
| CVE-2023-37069 | 1 Online Hospital Management System Project | 1 Online Hospital Management System | 2024-10-09 | 9.8 Critical |
| Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login process, enabling an attacker to inject malicious SQL code. | ||||
| CVE-2020-24950 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-10-09 | 8.8 High |
| SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items. | ||||
| CVE-2023-39805 | 1 Idreamsoft | 1 Icms | 2024-10-09 | 9.8 Critical |
| iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php. | ||||
| CVE-2023-39806 | 1 Idreamsoft | 1 Icms | 2024-10-09 | 9.8 Critical |
| iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function. | ||||
| CVE-2023-3864 | 2 Microsoft, Snowsoftware | 2 Windows, Snow License Manager | 2024-10-09 | 7.2 High |
| Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal. | ||||
| CVE-2023-4188 | 2 Instantcms, Instantsoft | 2 Instantcms, Instantcms | 2024-10-09 | 9.1 Critical |
| SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | ||||
| CVE-2024-5984 | 1 Itsourcecode | 1 Online Book Store Project | 2024-10-09 | 7.3 High |
| A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file book.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268460. | ||||
| CVE-2021-29378 | 1 Pearadmin | 1 Pear Admin Think | 2024-10-09 | 8.8 High |
| SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php. | ||||
| CVE-2020-36034 | 1 School Faculty Scheduling System Project | 1 School Faculty Scheduling System | 2024-10-09 | 9.8 Critical |
| SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via crafted payload to id parameter in manage_user.php. | ||||
| CVE-2020-36136 | 1 Cskaza | 1 Cszcms | 2024-10-09 | 7.5 High |
| SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php. | ||||
| CVE-2023-37847 | 1 Novel-plus | 1 Novel-plus | 2024-10-09 | 9.8 Critical |
| novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability. | ||||
| CVE-2024-0566 | 1 Storeapps | 1 Smart Manager | 2024-10-09 | 7.2 High |
| The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | ||||
| CVE-2023-6647 | 1 Amttgroup | 1 Hibos | 2024-10-09 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in AMTT HiBOS 1.0. Affected by this issue is some unknown functionality. The manipulation of the argument Type leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247340. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||