ReportizFlow
Filtered by vendor
Subscriptions
Total
18749 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45019 | 1 Slims | 1 Senayan Library Management System | 2025-04-24 | 7.5 High |
| SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. | ||||
| CVE-2022-44945 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | 9.8 Critical |
| Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. | ||||
| CVE-2025-3690 | 1 Phpgurukul | 1 Men Salon Management System | 2025-04-24 | 7.3 High |
| A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-services.php. The manipulation of the argument cost leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3684 | 1 Xianqi | 1 Kindergarten Management System | 2025-04-24 | 6.3 Medium |
| A vulnerability was found in Xianqi Kindergarten Management System 2.0 Bulid 20190808. It has been rated as critical. This issue affects some unknown processing of the file stu_list.php of the component Child Management. The manipulation of the argument sex leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-55238 | 1 Open-metadata | 1 Openmetadata | 2025-04-24 | 7.1 High |
| OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query. | ||||
| CVE-2025-0881 | 1 Codezips | 1 Gym Management System | 2025-04-24 | 6.3 Medium |
| A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/saveroutine.php. The manipulation of the argument rname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-32841 | 1 Ivanti | 1 Endpoint Manager | 2025-04-24 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-32839 | 1 Ivanti | 2 Endpoint Manager, Epm | 2025-04-24 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-50330 | 1 Ivanti | 1 Endpoint Manager | 2025-04-24 | 9.8 Critical |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. | ||||
| CVE-2024-32844 | 1 Ivanti | 2 Endpoint Manager, Epm | 2025-04-24 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2022-3710 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2025-04-24 | 2.7 Low |
| A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA. | ||||
| CVE-2020-25638 | 5 Debian, Hibernate, Oracle and 2 more | 15 Debian Linux, Hibernate Orm, Communications Cloud Native Core Console and 12 more | 2025-04-23 | 7.4 High |
| A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||
| CVE-2024-34780 | 1 Ivanti | 1 Endpoint Manager | 2025-04-23 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2022-21643 | 1 Useful Simple Open-source Cms Project | 1 Useful Simple Open-source Cms | 2025-04-23 | 10 Critical |
| USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to upgrade as soon as possible. There are not workarounds for this issue. | ||||
| CVE-2022-21644 | 1 Useful Simple Open-source Cms Project | 1 Useful Simple Open-source Cms | 2025-04-23 | 9.1 Critical |
| USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. There are not workarounds for this issue. | ||||
| CVE-2022-21664 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2025-04-23 | 7.4 High |
| WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. | ||||
| CVE-2022-21666 | 1 Useful Simple Open-source Cms Project | 1 Useful Simple Open-source Cms | 2025-04-23 | 7.2 High |
| Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privileges. Users should replace the file `admin/pages/useredit.php` with a newer version. USOC version Pb2.4Bfx3 contains a fixed version of `admin/pages/useredit.php`. | ||||
| CVE-2021-43863 | 1 Nextcloud | 1 Nextcloud | 2025-04-23 | 7.5 High |
| The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers `FileContentProvider` and `DiskLruImageCacheFileProvider` have security issues (an SQL injection, and an insufficient permission control, respectively) that allow malicious apps in the same device to access Nextcloud's data bypassing the permission control system. Users should upgrade to version 3.18.1 to receive a patch. There are no known workarounds aside from upgrading. | ||||
| CVE-2025-26852 | 1 Descor | 1 Infocad | 2025-04-23 | 10 Critical |
| DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection. | ||||
| CVE-2022-24752 | 1 Sylius | 1 Syliusgridbundle | 2025-04-23 | 9.8 Critical |
| SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took steps to remediate the vulnerability. The issue is fixed in versions 1.10.1 and 1.11-rc2. As a workaround, overwrite the`Sylius\Component\Grid\Sorting\Sorter.php` class and register it in the container. More information about this workaround is available in the GitHub Security Advisory. | ||||