Total
15956 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8382 | 1 Campcodes | 1 Online Hotel Reservation System | 2025-08-06 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Campcodes Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/edit_room.php. The manipulation of the argument room_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-50867 | 1 Vishalmathur | 1 Cloudclassroom | 2025-08-06 | 6.5 Medium |
| A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where the Q5 POST parameter is directly embedded in SQL statements without sanitization. | ||||
| CVE-2024-45955 | 1 Rocketsoftware | 1 Zena | 2025-08-06 | 7.3 High |
| Rocket Software Rocket Zena 4.4.1.26 is vulnerable to SQL Injection via the filter parameter. | ||||
| CVE-2025-45346 | 1 Bacula | 1 Bacula-web | 2025-08-06 | 8.1 High |
| SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request. | ||||
| CVE-2024-43018 | 1 Piwigo | 1 Piwigo | 2025-08-06 | 6.4 Medium |
| Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters max_level and min_register. These parameters are used in ws_user_gerList function from file include\ws_functions\pwg.users.php and this same function is called by ws.php file at some point can be used for searching users in advanced way in /admin.php?page=user_list. | ||||
| CVE-2024-34327 | 1 Sielox | 1 Anyware | 2025-08-06 | 6.5 Medium |
| Sielox AnyWare v2.1.2 was discovered to contain a SQL injection vulnerability via the email address field of the password reset form. | ||||
| CVE-2015-0842 | 1 Debian | 1 Yubiserver | 2025-08-06 | 9.8 Critical |
| yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass. | ||||
| CVE-2013-10044 | 1 Openemr | 1 Openemr | 2025-08-06 | N/A |
| An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system. | ||||
| CVE-2025-8164 | 2 Code-projects, Fabian | 2 Public Chat Room, Public Chat Room | 2025-08-05 | 6.3 Medium |
| A vulnerability has been found in code-projects Public Chat Room 1.0 and classified as critical. This vulnerability affects unknown code of the file send_message.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8165 | 2 Carmelo, Code-projects | 2 Food Ordering Review System, Food Review System | 2025-08-05 | 6.3 Medium |
| A vulnerability was found in code-projects Food Review System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/approve_reservation.php. The manipulation of the argument occasion leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8166 | 2 Carmelo, Code-projects | 2 Church Donation System, Church Donation System | 2025-08-05 | 7.3 High |
| A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php of the component HTTP POST Request Handler. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8232 | 2 Code-projects, Fabian | 2 Online Ordering System, Online Ordering System | 2025-08-05 | 7.3 High |
| A vulnerability, which was classified as critical, was found in code-projects Online Ordering System 1.0. Affected is an unknown function of the file /admin/delete_user.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8233 | 2 Code-projects, Fabian | 2 Online Ordering System, Online Ordering System | 2025-08-05 | 7.3 High |
| A vulnerability has been found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user.php. The manipulation of the argument un leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8234 | 2 Code-projects, Fabian | 2 Online Ordering System, Online Ordering System | 2025-08-05 | 7.3 High |
| A vulnerability was found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_member.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8235 | 2 Code-projects, Fabian | 2 Online Ordering System, Online Ordering System | 2025-08-05 | 7.3 High |
| A vulnerability was found in code-projects Online Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/product.php. The manipulation of the argument Name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8236 | 2 Code-projects, Fabian | 2 Online Ordering System, Online Ordering System | 2025-08-05 | 7.3 High |
| A vulnerability was found in code-projects Online Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8237 | 1 Code-projects | 1 Exam Form Submission | 2025-08-05 | 7.3 High |
| A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/update_s1.php. The manipulation of the argument credits leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8238 | 1 Code-projects | 1 Exam Form Submission | 2025-08-05 | 7.3 High |
| A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s2.php. The manipulation of the argument credits leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8239 | 1 Code-projects | 1 Exam Form Submission | 2025-08-05 | 7.3 High |
| A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8240 | 1 Code-projects | 1 Exam Form Submission | 2025-08-05 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /user/dashboard.php. The manipulation of the argument phone leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||