Total
18847 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0651 | 1 Veronalabs | 1 Wp Statistics | 2025-01-31 | 9.8 Critical |
| The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. | ||||
| CVE-2022-25149 | 1 Veronalabs | 1 Wp Statistics | 2025-01-31 | 9.8 Critical |
| The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. | ||||
| CVE-2023-30849 | 1 Pimcore | 1 Pimcore | 2025-01-31 | 8.8 High |
| Pimcore is an open source data and experience management platform. Prior to version 10.5.21, A SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually. | ||||
| CVE-2023-26781 | 1 Chshcms | 1 Mccms | 2025-01-31 | 9.8 Critical |
| SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center ->Reader Comments ->Search. | ||||
| CVE-2024-35278 | 1 Fortinet | 1 Fortiportal | 2025-01-31 | 4.1 Medium |
| A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request. | ||||
| CVE-2025-24793 | 2025-01-31 | 7 High | ||
| The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the snowflake.connector.pandas_tools module is vulnerable to SQL injection. This vulnerability affects versions 2.2.5 through 3.13.0. Snowflake fixed the issue in version 3.13.1. | ||||
| CVE-2024-35275 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Cloud, Fortimanager and 1 more | 2025-01-31 | 6.5 Medium |
| A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests. | ||||
| CVE-2023-33361 | 1 Piwigo | 1 Piwigo | 2025-01-31 | 9.8 Critical |
| Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php. | ||||
| CVE-2023-33338 | 1 Phpgurukul | 1 Old Age Home Management System | 2025-01-31 | 9.8 Critical |
| Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter. | ||||
| CVE-2023-30149 | 2 Ebewe, Prestashop | 2 City Autocomplete, Prestashop | 2025-01-31 | 9.8 Critical |
| SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or prior to 2.0.3 (for PrestaShop version 1.7), allows remote attackers to execute arbitrary SQL commands via the type, input_name. or q parameter in the autocompletion.php front controller. | ||||
| CVE-2023-31615 | 1 Openlinksw | 1 Virtuoso | 2025-01-31 | 7.5 High |
| An issue in the chash_array component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-31614 | 1 Openlinksw | 1 Virtuoso | 2025-01-31 | 7.5 High |
| An issue in the mp_box_deserialize_string function in openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | ||||
| CVE-2023-29630 | 1 Joommasters | 1 Jms Drop Mega Menu | 2025-01-31 | 9.8 Critical |
| PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php. | ||||
| CVE-2023-29629 | 1 Jmsthemelayout Project | 1 Jmsthemelayout | 2025-01-31 | 9.8 Critical |
| PrestaShop jmsthemelayout 2.5.5 is vulnerable to SQL Injection via ajax_jmsvermegamenu.php. | ||||
| CVE-2024-3423 | 1 Argie | 1 Online Courseware | 2025-01-31 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259595. | ||||
| CVE-2023-30204 | 1 Judging Management System Project | 1 Judging Management System | 2025-01-30 | 9.8 Critical |
| Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php. | ||||
| CVE-2023-30850 | 1 Pimcore | 1 Pimcore | 2025-01-30 | 8.8 High |
| Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually. | ||||
| CVE-2023-30848 | 1 Pimcore | 1 Pimcore | 2025-01-30 | 8.8 High |
| Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually. | ||||
| CVE-2023-2410 | 1 Oretnom23 | 1 Ac Repair And Services System | 2025-01-30 | 6.3 Medium |
| A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/bookings/view_booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227704. | ||||
| CVE-2023-2420 | 1 Mlecms | 1 Mlecms | 2025-01-30 | 6.3 Medium |
| A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227717 was assigned to this vulnerability. | ||||