ReportizFlow
Filtered by vendor
Subscriptions
Total
18749 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-40486 | 2 Kashipara, Lopalopa | 2 Live Membership System, Live Membership System | 2025-04-28 | 9.8 Critical |
| A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters. | ||||
| CVE-2024-42994 | 1 Vtiger | 1 Vtiger Crm | 2025-04-28 | 7.2 High |
| VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module. | ||||
| CVE-2022-45535 | 1 Aerocms Project | 1 Aerocms | 2025-04-26 | 4.9 Medium |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information. | ||||
| CVE-2022-45529 | 1 Aerocms Project | 1 Aerocms | 2025-04-26 | 4.9 Medium |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information. | ||||
| CVE-2022-45331 | 1 Aerocms Project | 1 Aerocms | 2025-04-26 | 7.5 High |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information. | ||||
| CVE-2022-45330 | 1 Aerocms Project | 1 Aerocms | 2025-04-26 | 7.5 High |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information. | ||||
| CVE-2022-44139 | 1 Apartment Visitors Management System Project | 1 Apartment Visitors Management System | 2025-04-26 | 9.8 Critical |
| Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php. | ||||
| CVE-2022-44120 | 1 Dedebiz | 1 Dedecmsv6 | 2025-04-26 | 9.8 Critical |
| dedecmdv6 6.1.9 is vulnerable to SQL Injection. via sys_sql_query.php. | ||||
| CVE-2022-36787 | 1 Webvendome Project | 1 Webvendome | 2025-04-25 | 9.8 Critical |
| webvendome - webvendome SQL Injection. SQL Injection in the Parameter " DocNumber" Request : Get Request : /webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE. | ||||
| CVE-2022-45278 | 1 Jizhicms | 1 Jizhicms | 2025-04-25 | 8.8 High |
| Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. | ||||
| CVE-2022-44399 | 1 Poultry Farm Management System Project | 1 Poultry Farm Management System | 2025-04-25 | 9.8 Critical |
| Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php. | ||||
| CVE-2022-44278 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-25 | 7.2 High |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=. | ||||
| CVE-2022-44140 | 1 Jizhicms | 1 Jizhicms | 2025-04-25 | 8.8 High |
| Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component. | ||||
| CVE-2022-36193 | 1 Lahirudanushka | 1 School Management System | 2025-04-25 | 9.8 Critical |
| SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries. | ||||
| CVE-2024-25469 | 1 Crmeb | 1 Crmeb Java | 2025-04-25 | 7.5 High |
| SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component. | ||||
| CVE-2022-3848 | 1 Wp User Merger Project | 1 Wp User Merger | 2025-04-25 | 8.8 High |
| The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin | ||||
| CVE-2022-42109 | 1 Online-shopping-system-advanced Project | 1 Online-shopping-system-advanced | 2025-04-25 | 9.8 Critical |
| Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php. | ||||
| CVE-2022-45329 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | 7.5 High |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information. | ||||
| CVE-2022-3768 | 1 Wpsmartcontracts | 1 Wpsmartcontracts | 2025-04-25 | 8.8 High |
| The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author | ||||
| CVE-2022-3751 | 1 Owncast Project | 1 Owncast | 2025-04-25 | 9.8 Critical |
| SQL Injection in GitHub repository owncast/owncast prior to 0.0.13. | ||||