Total
16332 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5827 | 1 Cti Monitoring And Early Warning System Project | 1 Cti Monitoring And Early Warning System | 2025-06-12 | 5.5 Medium |
| A vulnerability was found in Shanghai CTI Navigation CTI Monitoring and Early Warning System 2.2. It has been classified as critical. This affects an unknown part of the file /Web/SysManage/UserEdit.aspx. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-243717 was assigned to this vulnerability. | ||||
| CVE-2023-29047 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-06-12 | 5.3 Medium |
| Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible to the imageconverter SQL user account. None No publicly available exploits are known. | ||||
| CVE-2023-45341 | 1 Projectworlds | 1 Online Food Ordering System | 2025-06-12 | 9.8 Critical |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2025-46052 | 1 Weberp | 1 Weberp | 2025-06-12 | 9.8 Critical |
| An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php | ||||
| CVE-2025-46053 | 1 Weberp | 1 Weberp | 2025-06-12 | 5.1 Medium |
| A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php | ||||
| CVE-2025-4541 | 1 Lmxcms | 1 Lmxcms | 2025-06-12 | 6.3 Medium |
| A vulnerability classified as critical has been found in LmxCMS 1.41. Affected is the function manageZt of the file c\admin\ZtAction.class.php of the component POST Request Handler. The manipulation of the argument sortid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-25064 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-06-11 | 8.8 High |
| SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerability by manipulating a specific parameter in the request, allowing them to inject arbitrary SQL queries that could retrieve email metadata. | ||||
| CVE-2024-25722 | 1 Qanything | 1 Qanything | 2025-06-11 | 9.8 Critical |
| qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection. | ||||
| CVE-2024-0558 | 1 Dedebiz | 1 Dedebiz | 2025-06-11 | 4.7 Medium |
| A vulnerability has been found in DedeBIZ 6.3.0 and classified as critical. This vulnerability affects unknown code of the file /admin/makehtml_freelist_action.php. The manipulation of the argument startid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250726 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-10009 | 1 Melapress | 1 Melapress File Monitor | 2025-06-11 | 4.1 Medium |
| The Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | ||||
| CVE-2023-6030 | 1 Deryckoe | 1 Logdash Activity Log | 2025-06-11 | 5.4 Medium |
| The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed function (from src/Hooks/Users.php) in order to log failed login attempts to the database but it doesn't escape the username when it perform some SQL request leading to a SQL injection vulnerability which can be exploited using time-based technique by unauthenticated attacker | ||||
| CVE-2023-6373 | 1 Artplacer | 1 Artplacer Widget | 2025-06-11 | 8.8 High |
| The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize and escape the "id" parameter before submitting the query, leading to a SQLI exploitable by editors and above. Note: Due to the lack of CSRF check, the issue could also be exploited via a CSRF against a logged editor (or above) | ||||
| CVE-2023-48793 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2025-06-11 | 9.8 Critical |
| Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature. | ||||
| CVE-2023-48792 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2025-06-11 | 9.8 Critical |
| Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option. | ||||
| CVE-2023-3211 | 1 Dmparekh | 1 Wordpress Database Administrator | 2025-06-11 | 9.8 Critical |
| The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | ||||
| CVE-2024-6159 | 1 Pnfpb | 1 Push Notification For Post And Buddypress | 2025-06-11 | 9.8 Critical |
| The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | ||||
| CVE-2025-4929 | 1 Campcodes | 1 Online Shopping Portal | 2025-06-11 | 7.3 High |
| A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /my-account.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5119 | 1 Emlog | 1 Emlog | 2025-06-10 | 7.3 High |
| A vulnerability has been found in Emlog Pro 2.5.11 and classified as critical. This vulnerability affects unknown code of the file /include/controller/api_controller.php. The manipulation of the argument tag leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability. | ||||
| CVE-2025-5610 | 1 Codeastro | 1 Real Estate Management System | 2025-06-10 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in CodeAstro Real Estate Management System 1.0. Affected by this issue is some unknown functionality of the file /submitpropertydelete.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5611 | 1 Codeastro | 1 Real Estate Management System | 2025-06-10 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in CodeAstro Real Estate Management System 1.0. This affects an unknown part of the file /submitpropertyupdate.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||