ReportizFlow
Filtered by vendor
Subscriptions
Total
16991 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4940 | 1 1000projects | 1 Daily College Class Work Report Book | 2025-06-12 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in 1000 Projects Daily College Class Work Report Book 1.0. This issue affects some unknown processing of the file /admin_info.php. The manipulation of the argument batch leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-26086 | 1 Rsiqueue | 1 Management System | 2025-06-12 | 7.5 High |
| An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction of sensitive database contents without authentication. | ||||
| CVE-2025-5857 | 1 Fabianros | 1 Patient Record Management System | 2025-06-12 | 6.3 Medium |
| A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /urinalysis_record.php. The manipulation of the argument itr_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-32888 | 1 Aws | 1 Amazon-redshift-jdbc-driver | 2025-06-12 | 10 Critical |
| The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection is possible when using the non-default connection property `preferQueryMode=simple` in combination with application code which has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default, extended query mode. Note that `preferQueryMode` is not a supported parameter in Redshift JDBC driver, and is inherited code from Postgres JDBC driver. Users who do not override default settings to utilize this unsupported query mode are not affected. This issue is patched in driver version 2.1.0.28. As a workaround, do not use the connection property `preferQueryMode=simple`. (NOTE: Those who do not explicitly specify a query mode use the default of extended query mode and are not affected by this issue.) | ||||
| CVE-2024-27289 | 2 Jackc, Redhat | 3 Pgx, Advanced Cluster Security, Openshift | 2025-06-12 | 8.1 High |
| pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder. | ||||
| CVE-2025-31920 | 2025-06-12 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech WP Guppy allows SQL Injection. This issue affects WP Guppy: from n/a through 4.3.3. | ||||
| CVE-2025-31059 | 2025-06-12 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in woobewoo WBW Product Table PRO allows SQL Injection. This issue affects WBW Product Table PRO: from n/a through 2.1.3. | ||||
| CVE-2025-24767 | 2025-06-12 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturaone TicketBAI Facturas para WooCommerce allows Blind SQL Injection. This issue affects TicketBAI Facturas para WooCommerce: from n/a through 3.19. | ||||
| CVE-2025-48141 | 2025-06-12 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency Payments allows SQL Injection. This issue affects Multi CryptoCurrency Payments: from n/a through 2.0.3. | ||||
| CVE-2025-48122 | 2025-06-12 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows SQL Injection. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37. | ||||
| CVE-2025-47608 | 2025-06-12 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce allows SQL Injection. This issue affects Recover abandoned cart for WooCommerce: from n/a through 2.5. | ||||
| CVE-2025-31424 | 2025-06-12 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages allows Blind SQL Injection. This issue affects WP Lead Capturing Pages: from n/a through 2.3. | ||||
| CVE-2025-32466 | 2025-06-12 | N/A | ||
| A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard. | ||||
| CVE-2024-25308 | 1 Code-projects | 1 Simple School Management System | 2025-06-12 | 8.8 High |
| Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php. | ||||
| CVE-2024-24029 | 1 Jfinalcms Project | 1 Jfinalcms | 2025-06-12 | 9.8 Critical |
| JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data. | ||||
| CVE-2024-24013 | 1 Xxyopen | 1 Novel-plus | 2025-06-12 | 9.8 Critical |
| A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list | ||||
| CVE-2023-5693 | 1 Martmbithi | 1 Internet Banking System | 2025-06-12 | 6.3 Medium |
| A vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical. This issue affects some unknown processing of the file pages_reset_pwd.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243131. | ||||
| CVE-2023-5783 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2025-06-12 | 6.3 Medium |
| A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/system/approve_center/flow_sort/flow/delete.php. The manipulation of the argument id/sort_parent leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243589 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5827 | 1 Cti Monitoring And Early Warning System Project | 1 Cti Monitoring And Early Warning System | 2025-06-12 | 5.5 Medium |
| A vulnerability was found in Shanghai CTI Navigation CTI Monitoring and Early Warning System 2.2. It has been classified as critical. This affects an unknown part of the file /Web/SysManage/UserEdit.aspx. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-243717 was assigned to this vulnerability. | ||||
| CVE-2023-29047 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-06-12 | 5.3 Medium |
| Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible to the imageconverter SQL user account. None No publicly available exploits are known. | ||||