Total
16044 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9894 | 2 Blood Bank System Project, Code-projects | 2 Blood Bank System, Blood Bank System | 2024-10-16 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file reset.php. The manipulation of the argument useremail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-46532 | 1 Kancloud | 1 Openhis | 2024-10-16 | 9.8 Critical |
| SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component. | ||||
| CVE-2016-15040 | 1 Kentothemes | 1 Kento-post-view-counter | 2024-10-16 | 9.8 Critical |
| The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the 'kento_pvc_geo' parameter in versions up to, and including, 2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-9201 | 2 Seur, Seur Oficial Project | 2 Seur, Seur Oficial | 2024-10-16 | 9.4 Critical |
| The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint. | ||||
| CVE-2024-47849 | 2 Mediawiki, Wikimedia | 2 Cargo, Mediawiki-cargo | 2024-10-16 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | ||||
| CVE-2024-48253 | 1 Magicbug | 1 Cloudlog | 2024-10-16 | 7.3 High |
| Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection. | ||||
| CVE-2024-48255 | 1 Magicbug | 1 Cloudlog | 2024-10-16 | 7.3 High |
| Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection. | ||||
| CVE-2024-48257 | 1 Wavelog | 1 Wavelog | 2024-10-16 | 7.3 High |
| Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes station_id SQL injectioin. | ||||
| CVE-2024-9976 | 1 Code-projects | 1 Pharmacy Management System | 2024-10-16 | 6.3 Medium |
| A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_customer.php?action=search. The manipulation of the argument text leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8630 | 1 Alisonic | 2 Sibylla, Sibylla Firmware | 2024-10-16 | 9.4 Critical |
| Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database. | ||||
| CVE-2024-9974 | 2 Oretnom23, Sourcecodester | 2 Online Eyewear Shop, Online Eyewear Shop | 2024-10-15 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=add_to_card of the component POST Request Handler. The manipulation of the argument product_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9973 | 2 Oretnom23, Sourcecodester | 2 Online Eyewear Shop, Online Eyewear Shop | 2024-10-15 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=reports of the component Report Viewing Page. The manipulation of the argument date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9813 | 1 Codezips | 1 Pharmacy Management System | 2024-10-15 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in Codezips Pharmacy Management System 1.0. This issue affects some unknown processing of the file product/register.php. The manipulation of the argument category leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9812 | 1 Code-projects | 1 Crud Operation System | 2024-10-15 | 7.3 High |
| A vulnerability classified as critical was found in code-projects Crud Operation System 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9811 | 2 Code-projects, Restaurant Reservation System Project | 2 Restaurant Reservation System, Restaurant Reservation System | 2024-10-15 | 7.3 High |
| A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. This affects an unknown part of the file filter3.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9809 | 2 Online Eyewear Shop Project, Oretnom23 | 2 Online Eyewear Shop, Online Eyewear Shop | 2024-10-15 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is the function delete_product of the file /classes/Master.php?f=delete_product. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9808 | 2 Online Eyewear Shop Project, Oretnom23 | 2 Online Eyewear Shop, Online Eyewear Shop | 2024-10-15 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=products/view_product. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9804 | 1 Code-projects | 1 Blood Bank System | 2024-10-15 | 4.7 Medium |
| A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/campsdetails.php. The manipulation of the argument hospital leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-9797 | 1 Code-projects | 1 Blood Bank System | 2024-10-15 | 7.3 High |
| A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file register.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9796 | 2 Internet-formation, Wp-advanced-search Project | 2 Wp-advanced-search, Wp-advanced-search | 2024-10-15 | 5.9 Medium |
| The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks | ||||