Total
12970 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43966 | 1 Starkdigital | 1 Wp Testimonial Widget | 2024-11-08 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stark Digital WP Testimonial Widget.This issue affects WP Testimonial Widget: from n/a through 3.1. | ||||
| CVE-2021-40129 | 1 Cisco | 1 Common Services Platform Collector | 2024-11-07 | 4.9 Medium |
| A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL database. | ||||
| CVE-2024-24014 | 1 Xxyopen | 1 Novel-plus | 2024-11-07 | 9.8 Critical |
| A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list | ||||
| CVE-2023-6677 | 1 Oduyo | 1 Online Collection | 2024-11-07 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection.This issue affects Online Collection: before v.1.0.2. | ||||
| CVE-2023-37627 | 1 Code-projects | 1 Online Restaurant Management System | 2024-11-07 | 9.8 Critical |
| Code-projects Online Restaurant Management System 1.0 is vulnerable to SQL Injection. Through SQL injection, an attacker can bypass the admin panel and view order records, add items, delete items etc. | ||||
| CVE-2023-37628 | 1 Simple Online Piggery Management System Project | 1 Simple Online Piggery Management System | 2024-11-07 | 9.8 Critical |
| Online Piggery Management System 1.0 is vulnerable to SQL Injection. | ||||
| CVE-2023-41015 | 2024-11-07 | 5.5 Medium | ||
| code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via /Employer/DeleteJob.php?JobId=1. | ||||
| CVE-2024-10335 | 2 Sadat, Sourcecodester | 2 Garbage Collection Management System, Garbage Collection Management System | 2024-11-07 | 7.3 High |
| A vulnerability was found in SourceCodester Garbage Collection Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "username" to be affected. But it must be assumed that the parameter "password" is affected as well. | ||||
| CVE-2024-10336 | 2 Clothes Recommendation System Project, Sourcecodehero | 2 Clothes Recommendation System, Clothes Recommendation System | 2024-11-07 | 7.3 High |
| A vulnerability was found in SourceCodeHero Clothes Recommendation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/index.php of the component Admin Login Page. The manipulation of the argument t1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-22719 | 1 Formtools | 1 Form Tools | 2024-11-07 | 8.1 High |
| SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the 'keyword' when searching for a client. | ||||
| CVE-2023-3396 | 1 Retro Cellphone Online Store Project | 1 Retro Cellphone Online Store | 2024-11-07 | 6.3 Medium |
| A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232351. | ||||
| CVE-2024-8924 | 1 Servicenow | 1 Servicenow | 2024-11-07 | 7.5 High |
| ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes. | ||||
| CVE-2024-10805 | 2 Anisha, Code-projects | 2 University Event Management System, University Event Management System | 2024-11-07 | 6.3 Medium |
| A vulnerability was found in code-projects University Event Management System 1.0. It has been classified as critical. This affects an unknown part of the file doedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions a confusing product name to be affected. Other parameters might be affected as well. | ||||
| CVE-2023-2852 | 1 Softmedyazilim | 1 Selfpatron | 2024-11-07 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Softmed SelfPatron allows SQL Injection.This issue affects SelfPatron : before 2.0. | ||||
| CVE-2023-2046 | 1 Yontemizleme | 1 Vehicle Tracking System | 2024-11-07 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yontem Informatics Vehicle Tracking System allows SQL Injection.This issue affects Vehicle Tracking System: before 8. | ||||
| CVE-2023-37196 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-11-07 | 8.8 High |
| A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the alert settings of endpoints on DCE. | ||||
| CVE-2023-37197 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-11-07 | 8.8 High |
| A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the mass configuration settings of endpoints on DCE. | ||||
| CVE-2024-35548 | 2024-11-07 | 5.4 Medium | ||
| A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection. | ||||
| CVE-2024-36485 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-07 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option. | ||||
| CVE-2024-24099 | 2024-11-07 | 5.4 Medium | ||
| Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update. | ||||