ReportizFlow
Filtered by vendor
Subscriptions
Total
18633 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5269 | 1 Powie | 1 Psys | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter. | ||||
| CVE-2008-2917 | 1 Preprojects | 1 E-smart Cart | 2025-04-09 | N/A |
| SQL injection vulnerability in productsofcat.asp in E-SMART CART allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | ||||
| CVE-2008-1053 | 1 Phpnuke | 1 Kose Yazilari Module | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php. | ||||
| CVE-2008-5190 | 1 Eshop100 | 1 Eshop100 | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter. | ||||
| CVE-2009-4551 | 1 Intesync | 1 Miniweb | 2025-04-09 | N/A |
| SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php. | ||||
| CVE-2008-5196 | 1 Php-fusion | 2 Php-fusion, The Kroax Module | 2025-04-09 | N/A |
| SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter. | ||||
| CVE-2009-4560 | 1 Worms-league | 1 Webleague | 2025-04-09 | N/A |
| SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arbitrary SQL commands via the name parameter. | ||||
| CVE-2008-5198 | 1 Vizzed | 1 Acmlmboard | 2025-04-09 | N/A |
| SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allows remote attackers to execute arbitrary SQL commands via the pow parameter. | ||||
| CVE-2008-5200 | 2 Joomla, Mambo | 3 Com Xewebtv, Joomla, Mambo | 2025-04-09 | N/A |
| SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | ||||
| CVE-2008-5212 | 1 Aj Square | 1 Aj Auction | 2025-04-09 | N/A |
| SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | ||||
| CVE-2008-5216 | 1 Aj Square | 1 Zeuscart | 2025-04-09 | N/A |
| SQL injection vulnerability in category_list.php in AJ Square ZeusCart 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2022-41703 | 1 Apache | 1 Superset | 2025-04-09 | 5.4 Medium |
| A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag "ALLOW_ADHOC_SUBQUERY" disabled (default value). This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | ||||
| CVE-2025-3170 | 1 Projectworlds | 1 Online Lawyer Management System | 2025-04-08 | 7.3 High |
| A vulnerability classified as critical has been found in Project Worlds Online Lawyer Management System 1.0. This affects an unknown part of the file /admin_user.php. The manipulation of the argument block_id/unblock_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-30243 | 2025-04-08 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips.This issue affects WordPress Tooltips: from n/a before 9.4.5. | ||||
| CVE-2025-3171 | 1 Projectworlds | 1 Online Lawyer Management System | 2025-04-08 | 7.3 High |
| A vulnerability classified as critical was found in Project Worlds Online Lawyer Management System 1.0. This vulnerability affects unknown code of the file /approve_lawyer.php. The manipulation of the argument unblock_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2016-15012 | 1 Salesforce | 1 Mobile Software Development Kit | 2025-04-08 | 5.5 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The manipulation leads to sql injection. Upgrading to version 5.0.0 is able to address this issue. The patch is named 83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217619. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-22611 | 1 Open-emr | 1 Openemr | 2025-04-08 | 9.8 Critical |
| OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\classes\Pharmacy.class.php, \controllers\C_Pharmacy.class.php and \openemr\controller.php. | ||||
| CVE-2025-29647 | 1 Seacms | 1 Seacms | 2025-04-08 | 9.8 Critical |
| SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php. | ||||
| CVE-2025-3318 | 1 Kennifrog | 1 Company Financial Management System | 2025-04-08 | 6.3 Medium |
| A vulnerability classified as critical was found in Kenj_Frog 肯尼基蛙 company-financial-management 公司财务管理系统 1.0. Affected by this vulnerability is the function page of the file src/main/java/com/controller/ShangpinleixingController.java. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | ||||
| CVE-2025-3178 | 1 Projectworlds | 1 Doctor Appointment System | 2025-04-08 | 7.3 High |
| A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /doctor/deleteappointment.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||