Total
16419 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-44294 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-24 | 7.2 High |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manage_service&id=. | ||||
| CVE-2022-44151 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-24 | 9.8 Critical |
| Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php. | ||||
| CVE-2022-30528 | 1 Isic.lk Project | 1 Isic.lk | 2025-04-24 | 9.8 Critical |
| SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php. | ||||
| CVE-2024-54927 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | 7.2 High |
| Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php. | ||||
| CVE-2024-54928 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | 7.2 High |
| kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php, | ||||
| CVE-2024-54934 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | 9.8 Critical |
| Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php. | ||||
| CVE-2023-51052 | 1 S-cms | 1 S-cms | 2025-04-24 | 9.8 Critical |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php. | ||||
| CVE-2024-54932 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | 9.8 Critical |
| Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php. | ||||
| CVE-2024-54931 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | 9.8 Critical |
| A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. | ||||
| CVE-2024-52675 | 2 Oretnom23, Sourcecodester | 2 Sentiment Based Movie Rating System, Sentiment Based Movie Rating System | 2025-04-24 | 9.8 Critical |
| SourceCodester Sentiment Based Movie Rating System 1.0 is vulnerable to SQL Injection in /msrps/movies.php. | ||||
| CVE-2024-32847 | 1 Ivanti | 1 Endpoint Manager | 2025-04-24 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2023-7022 | 1 Tongda2000 | 1 Office Anywhere | 2025-04-24 | 6.3 Medium |
| A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/work_plan/manage/delete_all.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-45019 | 1 Slims | 1 Senayan Library Management System | 2025-04-24 | 7.5 High |
| SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. | ||||
| CVE-2022-44945 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | 9.8 Critical |
| Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. | ||||
| CVE-2025-3690 | 1 Phpgurukul | 1 Men Salon Management System | 2025-04-24 | 7.3 High |
| A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-services.php. The manipulation of the argument cost leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3684 | 1 Xianqi | 1 Kindergarten Management System | 2025-04-24 | 6.3 Medium |
| A vulnerability was found in Xianqi Kindergarten Management System 2.0 Bulid 20190808. It has been rated as critical. This issue affects some unknown processing of the file stu_list.php of the component Child Management. The manipulation of the argument sex leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-55238 | 1 Open-metadata | 1 Openmetadata | 2025-04-24 | 7.1 High |
| OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query. | ||||
| CVE-2025-0881 | 1 Codezips | 1 Gym Management System | 2025-04-23 | 6.3 Medium |
| A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/saveroutine.php. The manipulation of the argument rname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-32841 | 1 Ivanti | 1 Endpoint Manager | 2025-04-23 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-32839 | 1 Ivanti | 2 Endpoint Manager, Epm | 2025-04-23 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||