Total: 18633 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-55496 | 1 1000projects | 1 Bookstore Management System | 2025-05-02 | 9.1 Critical |
| A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project 1.0. This issue affects some unknown functionality of add_company.php. Actions on the delete parameter result in SQL injection. | ||||
| CVE-2024-48580 | 2 Mayurik, Php | 2 Best Courier Management System, Best Courier Management System | 2025-05-02 | 9.8 Critical |
| SQL Injection vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the email parameter of the login request. | ||||
| CVE-2024-48259 | 1 Magicbug | 1 Cloudlog | 2025-05-02 | 7.3 High |
| Cloudlog 2.6.15 allows Oqrs.php request_form SQL injection via station_id or callsign. | ||||
| CVE-2024-24407 | 1 Mayurik | 1 Best Courier Management System | 2025-05-02 | 5.3 Medium |
| SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obtain sensitive information via print_pdets.php component. | ||||
| CVE-2024-22983 | 1 Projectworlds | 2 Visitor Management System, Visitor Management System In Php | 2025-05-02 | 8.1 High |
| SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint. | ||||
| CVE-2025-25992 | 1 Feminer Wms Project | 1 Feminer Wms | 2025-05-02 | 5.1 Medium |
| SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the inquire_inout_item.php component. | ||||
| CVE-2025-25993 | 1 Feminer Wms Project | 1 Feminer Wms | 2025-05-02 | 5.1 Medium |
| SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the parameter "itemid". | ||||
| CVE-2025-25994 | 1 Feminer Wms Project | 1 Feminer Wms | 2025-05-02 | 7.5 High |
| SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id. | ||||
| CVE-2022-41259 | 1 Sap | 1 Sql Anywhere | 2025-05-02 | 6.5 Medium |
| SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor. | ||||
| CVE-2024-45757 | | | 2025-05-02 | 7.2 High |
| An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can occur in the user-settings form. Exploitation is only accessible to authenticated users with high-privileged access. | ||||
| CVE-2022-43227 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-02 | 7.2 High |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/admin/?page=appointments/view_appointment. | ||||
| CVE-2022-3494 | 1 Really-simple-plugins | 1 Complianz | 2025-05-01 | 8.8 High |
| The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML. | ||||
| CVE-2022-3481 | 1 Opmc | 1 Woocommerce Dropshipping | 2025-05-01 | 9.8 Critical |
| The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection. | ||||
| CVE-2022-41671 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2025-05-01 | 7 High |
| A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior), Pro-face BLUE (V3.3 Hotfix1 or prior). | ||||
| CVE-2024-37376 | 1 Ivanti | 1 Endpoint Manager | 2025-05-01 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-34784 | 1 Ivanti | 1 Endpoint Manager | 2025-05-01 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-34782 | 1 Ivanti | 1 Endpoint Manager | 2025-05-01 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-34781 | 1 Ivanti | 1 Endpoint Manager | 2025-05-01 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2020-12507 | 1 Badgermeter | 1 Moni\ | 2025-05-01 | 8.8 High |
| In s::can moni::tools before version 4.2 an authenticated attacker could get full access to the database through SQL injection. This may result in loss of confidentiality, loss of integrity and DoS. | ||||
| CVE-2025-26200 | 1 Slims | 1 Senayan Library Management System | 2025-05-01 | 7.2 High |
| SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component. | ||||