Search Results (37538 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-36874 2 Razormist, Sourcecodester 2 Basic Library System, Basic Library System 2026-04-15 2.7 Low
Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php.
CVE-2026-36946 2 Oretnom23, Sourcecodester 2 Computer And Mobile Repair Shop Management System, Computer And Mobile Repair Shop Management System 2026-04-15 2.7 Low
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php.
CVE-2026-36947 2 Oretnom23, Sourcecodester 2 Computer And Mobile Repair Shop Management System, Computer And Mobile Repair Shop Management System 2026-04-15 2.7 Low
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php.
CVE-2026-36922 2 Oretnom23, Sourcecodester 2 Cab Management System, Cab Management System 2026-04-15 2.7 Low
Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php.
CVE-2026-36923 2 Oretnom23, Sourcecodester 2 Cab Management System, Cab Management System 2026-04-15 2.7 Low
Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php.
CVE-2019-25635 1 Zeeways 2 Matrimony Cms, Zeeways Matrimony Cms 2026-04-15 8.2 High
Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile_list endpoint. Attackers can inject SQL code via the up_cast, s_mother, and s_religion parameters to extract sensitive database information using time-based or error-based techniques.
CVE-2019-16738 3 Debian, Fedoraproject, Mediawiki 3 Debian Linux, Fedora, Mediawiki 2026-04-15 5.3 Medium
In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.
CVE-2018-11802 1 Apache 1 Solr 2026-04-15 4.3 Medium
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).
CVE-2025-15445 2 Restaurant Cafeteria, Wordpress 2 Restaurant Cafeteria, Wordpress 2026-04-15 5.4 Medium
The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP code execution, and also import demo content that rewrites site configuration, including Restaurant Cafeteria WordPress theme through 0.4.6_mods, pages, menus, and front page settings.
CVE-2025-15441 2 10web, Wordpress 2 Form Maker, Wordpress 2026-04-15 6.8 Medium
The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts.
CVE-2026-3830 2 Wbw, Wordpress 2 Product Filter For Woocommerce, Wordpress 2026-04-15 8.6 High
The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
CVE-2025-15473 2 Timetics, Wordpress 2 Timetics, Wordpress 2026-04-15 4.3 Medium
The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type.
CVE-2018-25257 1 Adianti 1 Adianti Framework 2026-04-15 7.1 High
Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user credentials and gain administrative access.
CVE-2019-25639 1 Matri4web 1 Matrimony Website Script 2026-04-15 8.2 High
Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, and cboCountry across simplesearch_results.php, advsearch_results.php, specialcase_results.php, locational_results.php, and registration2.php to extract sensitive database information or execute arbitrary SQL commands.
CVE-2019-25641 1 Netartmedia 1 Vlog System 2026-04-15 8.2 High
Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgotten_password module to extract sensitive database information.
CVE-2023-54359 2 Adivaha, Wordpress 2 Wordpress Adivaha Travel Plugin, Wordpress 2026-04-15 8.2 High
WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. Attackers can send requests to the /mobile-app/v3/ endpoint with crafted 'pid' values using XOR-based payloads to extract sensitive database information or cause denial of service.
CVE-2019-25638 1 Meeplace 1 Meeplace Business Review Script 2026-04-15 7.1 High
Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in the 'id' parameter to extract sensitive database information or cause denial of service.
CVE-2019-25473 1 Softwebinternational 1 Clinic Pro 2026-04-15 7.1 High
Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthly_expense_overview endpoint with crafted month values using boolean-based blind, time-based blind, or error-based SQL injection techniques to extract sensitive database information.
CVE-2019-25530 1 Hotel-booking-script 1 Uhotelbooking System 2026-04-15 8.2 High
uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system_page GET parameter. Attackers can send crafted requests to index.php with malicious system_page values using time-based blind SQL injection techniques to extract sensitive database information.
CVE-2019-25532 1 Netartmedia 1 Jobs Portal 2026-04-15 8.2 High
Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with crafted SQL payloads in the Email field to extract sensitive database information or bypass authentication.