ReportizFlow
Filtered by vendor
Subscriptions
Total
16987 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50864 | 1 Kashipara | 1 Travel Website | 2025-06-17 | 9.8 Critical |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-50863 | 1 Kashipara | 1 Travel Website | 2025-06-17 | 9.8 Critical |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-50862 | 1 Kashipara | 1 Travel Website | 2025-06-17 | 9.8 Critical |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-49666 | 1 Kashipara | 1 Billing System | 2025-06-17 | 9.8 Critical |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-49665 | 1 Kashipara | 1 Billing Software | 2025-06-17 | 9.8 Critical |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-49658 | 1 Kashipara | 1 Billing Software | 2025-06-17 | 9.8 Critical |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-49639 | 1 Kashipara | 1 Billing Software | 2025-06-17 | 9.8 Critical |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-49633 | 1 Kashipara | 1 Billing Software | 2025-06-17 | 9.8 Critical |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-49625 | 1 Kashipara | 1 Billing Software | 2025-06-17 | 9.8 Critical |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylist_edit_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-49624 | 1 Kashipara | 1 Billing Software | 2025-06-17 | 9.8 Critical |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-49622 | 1 Kashipara | 1 Billing Software | 2025-06-17 | 9.8 Critical |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'itemnameid' parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2024-42564 | 2 Entab, Jerryhanjj | 2 Erp, Erp | 2025-06-17 | 7.6 High |
| ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/inventory/delete?action=delete. | ||||
| CVE-2024-32369 | 2 Hsc, Hsclabs | 2 Mailinspector, Mailinspector | 2025-06-17 | 4.3 Medium |
| SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameter in the mliWhiteList.php component. | ||||
| CVE-2024-25309 | 1 Code-projects | 1 Simple School Management System | 2025-06-17 | 8.8 High |
| Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php. | ||||
| CVE-2022-1807 | 1 Sophos | 1 Firewall | 2025-06-17 | 7.2 High |
| Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. | ||||
| CVE-2024-42565 | 1 Jerryhanjj | 1 Erp | 2025-06-17 | 9.8 Critical |
| ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/contact/delete?action=delete. | ||||
| CVE-2025-45818 | 1 Slims | 1 Senayan Library Management System Bulian | 2025-06-17 | 6.5 Medium |
| Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/item_status.php. | ||||
| CVE-2025-45819 | 1 Slims | 1 Senayan Library Management System Bulian | 2025-06-17 | 6.5 Medium |
| Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/author.php. | ||||
| CVE-2025-45820 | 1 Slims | 1 Senayan Library Management System Bulian | 2025-06-17 | 6.5 Medium |
| Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/bibliography/pop_author_edit.php. | ||||
| CVE-2024-28294 | 1 Limbas | 1 Limbas | 2025-06-17 | 6.5 Medium |
| Limbas up to v5.2.14 was discovered to contain a SQL injection vulnerability via the ftid parameter. | ||||