Total
12999 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5008 | 1 Imsurajghosh | 1 Student Information System | 2024-10-09 | 9.8 Critical |
| Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. | ||||
| CVE-2023-38916 | 1 Mohammad-ajazuddin | 1 Evotingsystem-php | 2024-10-08 | 8.8 High |
| SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields. | ||||
| CVE-2023-39850 | 1 Schoolmate Project | 1 Schoolmate | 2024-10-08 | 9.8 Critical |
| Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php. | ||||
| CVE-2023-33663 | 1 Ai-dev | 1 Aicustomfee | 2024-10-08 | 9.8 Critical |
| In the module “Customization fields fee for your store” (aicustomfee) from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Release 0.2.1 fixed this security issue. | ||||
| CVE-2024-9574 | 1 Soplanning | 1 Soplanning | 2024-10-08 | 9.8 Critical |
| SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB. | ||||
| CVE-2024-9573 | 1 Soplanning | 1 Soplanning | 2024-10-08 | 6.3 Medium |
| SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server. | ||||
| CVE-2021-1636 | 1 Microsoft | 1 Sql Server | 2024-10-08 | 8.8 High |
| Microsoft SQL Elevation of Privilege Vulnerability | ||||
| CVE-2024-43699 | 1 Deltaww | 1 Diaenergie | 2024-10-08 | 9.8 Critical |
| Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product. | ||||
| CVE-2024-42417 | 1 Deltaww | 1 Diaenergie | 2024-10-08 | 8.8 High |
| Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product. | ||||
| CVE-2023-40921 | 1 Common-services | 1 Soliberte | 2024-10-08 | 9.8 Critical |
| SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters. | ||||
| CVE-2023-31943 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2024-10-08 | 7.2 High |
| SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticket_id parameter at ticket_detail.php. | ||||
| CVE-2023-31944 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2024-10-08 | 7.2 High |
| SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_edit.php. | ||||
| CVE-2023-31945 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2024-10-08 | 7.2 High |
| SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the id parameter at daily_expenditure_edit.php. | ||||
| CVE-2023-38838 | 1 Kiduswb | 1 Minimati | 2024-10-08 | 7.5 High |
| SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via the edit.php component. | ||||
| CVE-2023-38905 | 1 Jeecg | 1 Jeecg Boot | 2024-10-08 | 5.5 Medium |
| SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions. | ||||
| CVE-2024-9460 | 2 Codezips, Online Shopping Portal Project | 2 Online Shopping Portal, Online Shopping Portal | 2024-10-08 | 7.3 High |
| A vulnerability was found in Codezips Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2020-35012 | 1 Pixelite | 1 Events Manager | 2024-10-08 | 7.2 High |
| The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection | ||||
| CVE-2024-9429 | 1 Code-projects | 1 Restaurant Reservation System | 2024-10-07 | 6.3 Medium |
| A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter2.php. The manipulation of the argument from/to leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "from" to be affected. But it must be assumed that parameter "to" is affected as well. | ||||
| CVE-2023-38839 | 1 Kidus | 1 Minimati | 2024-10-07 | 7.5 High |
| SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via theID parameter in the fulldelete.php component. | ||||
| CVE-2023-38890 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-10-07 | 8.8 High |
| Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks. | ||||