ReportizFlow
Filtered by vendor
Subscriptions
Total
18633 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43350 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-05-05 | 7.2 High |
| Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry. | ||||
| CVE-2022-43052 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-05 | 7.2 High |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete. | ||||
| CVE-2022-43051 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-05 | 7.2 High |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete_test. | ||||
| CVE-2022-43049 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-05 | 7.2 High |
| Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php. | ||||
| CVE-2022-42990 | 1 Oretnom23 | 1 Food Ordering Management System | 2025-05-05 | 7.2 High |
| Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer. | ||||
| CVE-2020-20122 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 9.8 Critical |
| Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php. | ||||
| CVE-2022-27431 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 9.8 Critical |
| Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. | ||||
| CVE-2018-11528 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. | ||||
| CVE-2024-25288 | 2 Slims, Slims Project | 2 Senayan Library Management System, Slims | 2025-05-05 | 4.9 Medium |
| SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php. | ||||
| CVE-2022-21720 | 1 Glpi-project | 1 Glpi | 2025-05-05 | 4.9 Medium |
| GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the `Entities` update right prevents exploitation of this vulnerability. | ||||
| CVE-2021-38324 | 1 Smartypantsplugins | 1 Sp Rental Manager | 2025-05-05 | 8.2 High |
| The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3. | ||||
| CVE-2023-27167 | 1 Supremainc | 1 Biostar 2 | 2025-05-05 | 6.5 Medium |
| Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1. | ||||
| CVE-2022-46908 | 1 Sqlite | 1 Sqlite | 2025-05-05 | 7.3 High |
| SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. | ||||
| CVE-2022-43126 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-05 | 7.2 High |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/tests/manage_test.php. | ||||
| CVE-2022-43125 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-05 | 7.2 High |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/manage_appointment.php. | ||||
| CVE-2022-43124 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-05 | 7.2 High |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user. | ||||
| CVE-2022-43086 | 1 Codeastro | 1 Restaurant Pos System | 2025-05-05 | 4.9 Medium |
| Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_customer.php. | ||||
| CVE-2025-0410 | 1 Liujianview | 1 Gymxmjpa | 2025-05-05 | 6.3 Medium |
| A vulnerability classified as critical was found in liujianview gymxmjpa 1.0. This vulnerability affects the function MenberDaoInpl of the file src/main/java/com/liujian/gymxmjpa/controller/MenberConntroller.java. The manipulation of the argument hyname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0409 | 1 Liujianview | 1 Gymxmjpa | 2025-05-05 | 6.3 Medium |
| A vulnerability classified as critical has been found in liujianview gymxmjpa 1.0. This affects the function MembertypeDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/MembertypeController.java. The manipulation of the argument typeName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0408 | 1 Liujianview | 1 Gymxmjpa | 2025-05-05 | 6.3 Medium |
| A vulnerability was found in liujianview gymxmjpa 1.0. It has been rated as critical. Affected by this issue is the function LoosDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/LoosController.java. The manipulation of the argument loosName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||