ReportizFlow
Filtered by vendor
Subscriptions
Total
16949 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9021 | 2 Oretnom23, Sourcecodester | 2 Online Bank Management System, Online Bank Management System | 2025-08-21 | 7.3 High |
| A vulnerability was determined in SourceCodester Online Bank Management System up to 1.0. This vulnerability affects unknown code of the file /bank/transfer.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. | ||||
| CVE-2025-9022 | 2 Oretnom23, Sourcecodester | 2 Online Bank Management System, Online Bank Management System | 2025-08-21 | 7.3 High |
| A vulnerability was identified in SourceCodester Online Bank Management System up to 1.0. This issue affects some unknown processing of the file /bank/statements.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. | ||||
| CVE-2025-9024 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-08-21 | 7.3 High |
| A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9025 | 2 Code-projects, Fabian | 2 Simple Cafe Ordering System, Simple Cafe Ordering System | 2025-08-21 | 6.3 Medium |
| A vulnerability was determined in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /portal.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-40735 | 1 Siemens | 2 Sinec-nms, Sinec Nms | 2025-08-21 | 8.8 High |
| A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database. | ||||
| CVE-2025-8973 | 2 Oretnom23, Sourcecodester | 2 Cashier Queuing System, Cashier Queuing System | 2025-08-21 | 7.3 High |
| A vulnerability has been found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the file /Actions.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8990 | 2 Anisha, Code-projects | 2 Online Medicine Guide, Online Medicine Guide | 2025-08-21 | 7.3 High |
| A vulnerability was determined in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /browsemdcn.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9011 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2025-08-21 | 7.3 High |
| A vulnerability was determined in PHPGurukul Online Shopping Portal Project 2.0. Affected by this issue is some unknown functionality of the file /shopping/signup.php. The manipulation of the argument emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9012 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2025-08-21 | 7.3 High |
| A vulnerability was identified in PHPGurukul Online Shopping Portal Project 2.0. This affects an unknown part of the file shopping/bill-ship-addresses.php. The manipulation of the argument billingpincode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9013 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2025-08-21 | 7.3 High |
| A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.0. This vulnerability affects unknown code of the file /shopping/password-recovery.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-50567 | 1 Saurus | 1 Saurus Cms | 2025-08-21 | 10 Critical |
| Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statements, potentially leading to arbitrary PHP code execution. | ||||
| CVE-2025-9150 | 1 Surbowl | 1 Dormitory-management-php | 2025-08-21 | 7.3 High |
| A vulnerability was identified in Surbowl dormitory-management-php up to 9f1d9d1f528cabffc66fda3652c56ff327fda317. Affected is an unknown function of the file /admin/violation_add.php?id=2. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote location. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-54048 | 1 Wordpress | 1 Wordpress | 2025-08-21 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniOrange Custom API for WP allows SQL Injection. This issue affects Custom API for WP: from n/a through 4.2.2. | ||||
| CVE-2025-8914 | 1 Wellchoose | 1 Organization Portal System | 2025-08-21 | 6.5 Medium |
| Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||||
| CVE-2025-54726 | 2025-08-20 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List allows SQL Injection. This issue affects JS Archive List: from n/a through n/a. | ||||
| CVE-2025-9148 | 2025-08-20 | 6.3 Medium | ||
| A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-5765 | 1 A17lab | 1 Wpstickybar | 2025-08-20 | 9.8 Critical |
| The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | ||||
| CVE-2022-21661 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2025-08-19 | 8 High |
| WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-6230 | 1 Lenovo | 2 Commercial Vantage, Vantage | 2025-08-19 | 5.3 Medium |
| A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands. | ||||
| CVE-2025-32829 | 1 Siemens | 1 Telecontrol Server Basic | 2025-08-19 | 8.8 High |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | ||||