Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-10001

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-05 Jan, 2023 | 11:26
Updated At-10 Apr, 2025 | 14:16
Rejected At-
Credits

web-cyradm search.php sql injection

A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is recommended to apply a patch to fix this issue. The identifier VDB-217449 was assigned to this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:05 Jan, 2023 | 11:26
Updated At:10 Apr, 2025 | 14:16
Rejected At:
▼CVE Numbering Authority (CNA)
web-cyradm search.php sql injection

A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is recommended to apply a patch to fix this issue. The identifier VDB-217449 was assigned to this vulnerability.

Affected Products
Vendor
n/a
Product
web-cyradm
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 SQL Injection
Type: CWE
CWE ID: CWE-89
Description: CWE-89 SQL Injection
Metrics
VersionBase scoreBase severityVector
3.13.5LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.03.5LOW
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2.02.7N/A
AV:A/AC:L/Au:S/C:P/I:N/A:N
Version: 3.1
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 3.0
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 2.0
Base score: 2.7
Base severity: N/A
Vector:
AV:A/AC:L/Au:S/C:P/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
tool
VulDB GitHub Commit Analyzer
Timeline
EventDate
Advisory disclosed2023-01-05 00:00:00
CVE reserved2023-01-05 00:00:00
VulDB entry created2023-01-05 01:00:00
VulDB last update2023-01-28 15:47:26
Event: Advisory disclosed
Date: 2023-01-05 00:00:00
Event: CVE reserved
Date: 2023-01-05 00:00:00
Event: VulDB entry created
Date: 2023-01-05 01:00:00
Event: VulDB last update
Date: 2023-01-28 15:47:26
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.217449
vdb-entry
technical-description
https://vuldb.com/?ctiid.217449
signature
permissions-required
https://github.com/web-cyradm/web-cyradm/commit/3e8f0717f133907bb6a09cb674b05c5f273da3e1
patch
Hyperlink: https://vuldb.com/?id.217449
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.217449
Resource:
signature
permissions-required
Hyperlink: https://github.com/web-cyradm/web-cyradm/commit/3e8f0717f133907bb6a09cb674b05c5f273da3e1
Resource:
patch
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.217449
vdb-entry
technical-description
x_transferred
https://vuldb.com/?ctiid.217449
signature
permissions-required
x_transferred
https://github.com/web-cyradm/web-cyradm/commit/3e8f0717f133907bb6a09cb674b05c5f273da3e1
patch
x_transferred
Hyperlink: https://vuldb.com/?id.217449
Resource:
vdb-entry
technical-description
x_transferred
Hyperlink: https://vuldb.com/?ctiid.217449
Resource:
signature
permissions-required
x_transferred
Hyperlink: https://github.com/web-cyradm/web-cyradm/commit/3e8f0717f133907bb6a09cb674b05c5f273da3e1
Resource:
patch
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:05 Jan, 2023 | 12:15
Updated At:17 May, 2024 | 00:32

A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is recommended to apply a patch to fix this issue. The identifier VDB-217449 was assigned to this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.13.5LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Secondary2.02.7LOW
AV:A/AC:L/Au:S/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 2.0
Base score: 2.7
Base severity: LOW
Vector:
AV:A/AC:L/Au:S/C:P/I:N/A:N
CPE Matches
web-cyradm_project
web-cyradm_project
>>web-cyradm>>-
cpe:2.3:a:web-cyradm_project:web-cyradm:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarycna@vuldb.com
CWE ID: CWE-89
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/web-cyradm/web-cyradm/commit/3e8f0717f133907bb6a09cb674b05c5f273da3e1cna@vuldb.com
Patch
Third Party Advisory
https://vuldb.com/?ctiid.217449cna@vuldb.com
Permissions Required
Third Party Advisory
https://vuldb.com/?id.217449cna@vuldb.com
Permissions Required
Third Party Advisory
Hyperlink: https://github.com/web-cyradm/web-cyradm/commit/3e8f0717f133907bb6a09cb674b05c5f273da3e1
Source: cna@vuldb.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://vuldb.com/?ctiid.217449
Source: cna@vuldb.com
Resource:
Permissions Required
Third Party Advisory
Hyperlink: https://vuldb.com/?id.217449
Source: cna@vuldb.com
Resource:
Permissions Required
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

773Records found
CVE-2024-34220
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 63.64%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 18:31
Updated-18 Apr, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter.

Action-Not Available
Vendor-n/aSourceCodesteroretnom23
Product-human_resource_management_systemn/ahuman_resource_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33964
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 38.45%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:20
Updated-08 Aug, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_users/index.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemJanobe PayPalJanobe Debit Card PaymentJanobe Credit Cardjanobe_debit_card_paymentjanobe_paypaljanobe_credit_card
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33972
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 38.45%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:56
Updated-08 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'events' in '/report/event_print.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemchool Event Management SystemSchool Attendance Monitoring Systemschool_attendance_monitoring_systemschool_event_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33967
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 38.45%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:53
Updated-08 Aug, 2024 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/attendance_print.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemchool Event Management SystemSchool Attendance Monitoring Systemschool_attendance_monitoring_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33971
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 38.45%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:55
Updated-08 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'username' in '/login.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemchool Event Management SystemSchool Attendance Monitoring System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-36003
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.30%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 14:32
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases.

Action-Not Available
Vendor-online_book_store_projectn/a
Product-online_book_storen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33962
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 38.45%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:19
Updated-08 Aug, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/index.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemJanobe PayPalJanobe Debit Card PaymentJanobe Credit Cardjanobe_debit_card_paymentjanobe_paypaljanobe_credit_card
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-36002
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.72%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 14:32
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information.

Action-Not Available
Vendor-seat-reservation-system_projectn/a
Product-seat-reservation-systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33966
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 38.45%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:21
Updated-08 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'xtsearch' in '/admin/mod_reports/index.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemJanobe PayPalJanobe Debit Card PaymentJanobe Credit Cardjanobe_debit_card_paymentjanobe_paypaljanobe_credit_card
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33965
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 38.45%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:20
Updated-08 Aug, 2024 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in '/tubigangarden/admin/mod_accomodation/index.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemJanobe PayPalJanobe Debit Card PaymentJanobe Credit Cardjanobe_debit_card_paymentjanobe_paypaljanobe_credit_card
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33968
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 38.45%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:54
Updated-08 Aug, 2024 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/index.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemchool Event Management SystemSchool Attendance Monitoring Systemschool_attendance_monitoring_systemschool_event_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-34334
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.08% / 22.63%
||
7 Day CHG~0.00%
Published-12 Sep, 2024 | 00:00
Updated-18 Sep, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function.

Action-Not Available
Vendor-ordatn/aordat
Product-ordat.erpn/afoss-online
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-34458
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.77% / 73.66%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-14 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in information disclosure.

Action-Not Available
Vendor-keyfactorn/a
Product-commandn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-4840
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.79%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 06:00
Updated-02 Jul, 2025 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection

The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

Action-Not Available
Vendor-erumfahamUnknown
Product-likes_and_dislikesinprosysmedia-likes-dislikes-post
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33973
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 38.45%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:56
Updated-08 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/report/attendance_print.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemchool Event Management SystemSchool Attendance Monitoring Systemschool_attendance_monitoring_systemschool_event_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33961
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 38.45%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:18
Updated-08 Aug, 2024 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/controller.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemJanobe PayPalJanobe Debit Card PaymentJanobe Credit Cardjanobe_credit_card
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33958
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 47.84%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:04
Updated-15 Aug, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe E-Negosyo System

SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'phonenumber' in '/passwordrecover.php' parameter.

Action-Not Available
Vendor-janobe
Product-young_entrepreneur_e-negosyo_systemE-Negosyo Systemenegosyo_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33970
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 38.45%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:55
Updated-08 Aug, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection in Janobe products

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'studid' in '/candidate/controller.php' parameter.

Action-Not Available
Vendor-janobe
Product-credit_cardschool_event_management_systemdebit_card_paymentpaypalschool_attendence_monitoring_systemchool Event Management SystemSchool Attendance Monitoring Systemschool_attendance_monitoring_systemschool_event_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-19450
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.84%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 14:16
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter.

Action-Not Available
Vendor-jdownloadsn/a
Product-jdownloadsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-29709
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.86% / 75.20%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 11:32
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CommuniLink Internet Limited CLink Office v2.0 was discovered to contain multiple SQL injection vulnerabilities via the username and password parameters.

Action-Not Available
Vendor-communilinkn/a
Product-clink_officen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33450
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.29%
||
7 Day CHG~0.00%
Published-28 May, 2024 | 19:07
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection in Finereport v.8.0 allows a remote attacker to obtain sensitive information

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32736
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-69.10% / 98.66%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 14:57
Updated-23 Oct, 2025 | 12:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CyberPower PowerPanel Enterprise SQL Injection

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_utask_verbose" function within MCUDBHelper.

Action-Not Available
Vendor-Cyber Power Systems, Inc.
Product-powerpanelCyberPower PowerPanel Enterprisepowerpanel_enterprise
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32738
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-51.61% / 97.91%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 14:58
Updated-23 Oct, 2025 | 12:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CyberPower PowerPanel Enterprise SQL Injection

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_lean" function within MCUDBHelper.

Action-Not Available
Vendor-Cyber Power Systems, Inc.
Product-powerpanelCyberPower PowerPanel Enterprisepowerpanel_enterprise
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32737
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-51.61% / 97.91%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 14:57
Updated-23 Oct, 2025 | 12:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CyberPower PowerPanel Enterprise SQL Injection

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_contract_result" function within MCUDBHelper.

Action-Not Available
Vendor-Cyber Power Systems, Inc.
Product-powerpanelCyberPower PowerPanel Enterprisepowerpanel_enterprise
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33332
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.50%
||
7 Day CHG~0.00%
Published-30 Apr, 2024 | 00:00
Updated-03 Jun, 2025 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant.

Action-Not Available
Vendor-bladexn/asmallchill
Product-springbladen/aspringblade
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3226
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.13% / 31.27%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 02:00
Updated-27 Feb, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Patient Record Management System login.php sql injection

A vulnerability was found in Campcodes Online Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259071.

Action-Not Available
Vendor-CampCodes
Product-online_patient_record_management_systemOnline Patient Record Management Systemonline_patient_record_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-31506
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.08% / 22.63%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 00:00
Updated-20 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "id" parameter in admin/admin_cs.php.

Action-Not Available
Vendor-tamparongj03n/atamparongj_03
Product-online_graduate_tracer_systemn/aonline_graduate_tracer_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-1483
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.3||CRITICAL
EPSS-0.04% / 11.62%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 16:33
Updated-10 Feb, 2026 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-band SQL injection in Quatuor Performance Evaluation

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in '/evaluacion_objetivos_ver_auto.aspx', could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information.

Action-Not Available
Vendor-quatuorQuatuor
Product-evaluacion_de_desempenoEvaluación de Desempeño (EDD)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2999
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.15% / 34.93%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 21:00
Updated-05 Mar, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Art Gallery Management System adminHome.php sql injection

A vulnerability classified as critical has been found in Campcodes Online Art Gallery Management System 1.0. This affects an unknown part of the file /admin/adminHome.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258201 was assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesterCampCodes
Product-online_art_gallery_management_systemOnline Art Gallery Management Systemonline_art_gallery_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-31010
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 31.29%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 00:00
Updated-04 Apr, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php.

Action-Not Available
Vendor-sem-cmsn/asem-cms
Product-semcmsn/asemcms
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-31025
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.29%
||
7 Day CHG~0.00%
Published-04 Apr, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection vulnerability in ECshop 4.x allows an attacker to obtain sensitive information via the file/article.php component.

Action-Not Available
Vendor-n/ashopex
Product-n/aecshop
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-4972
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.13%
||
7 Day CHG~0.00%
Published-13 Jun, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. An attacker can use a blind SQL injection attack to query the contents of the UAA database.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Cloud Foundry
Product-cloud_foundry_uaacf-releasecloud_foundry_uaa_boshCloud Foundry UAA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2879
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-93.67% / 99.85%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 03:24
Updated-21 Nov, 2024 | 09:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Action-Not Available
Vendor-layersliderLayerSliderlayerslider
Product-layersliderLayerSliderlayerslider
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2932
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.20% / 42.01%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 00:00
Updated-18 Feb, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Chatting System update_room.php sql injection

A vulnerability classified as critical has been found in SourceCodester Online Chatting System 1.0. Affected is an unknown function of the file admin/update_room.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258012.

Action-Not Available
Vendor-donbermoySourceCodester
Product-online_chatting_systemOnline Chatting Systemonline_chatting_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-29302
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 26.49%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 00:00
Updated-01 Apr, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-employee.php.

Action-Not Available
Vendor-n/amayuri_kSourceCodester
Product-php_task_management_systemn/aphp_task_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-29031
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.55% / 81.55%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 22:16
Updated-02 Sep, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Meshery SQL Injection vulnerability

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the `order` parameter of `GetMeshSyncResources`. Version 0.7.17 contains a patch for this issue.

Action-Not Available
Vendor-layer5mesherylayer5
Product-mesherymesherymeshery
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-29301
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 28.71%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 00:00
Updated-01 Apr, 2025 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-admin.php?admin_id=

Action-Not Available
Vendor-n/amayuri_kSourceCodester
Product-php_task_management_systemn/aphp_task_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2723
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 15.25%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 13:34
Updated-15 Oct, 2025 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection vulnerability in the CIGESv2 system

SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query.

Action-Not Available
Vendor-atisolucionesCigesciges
Product-cigesCIGESv2ciges
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-20104
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.24% / 47.20%
||
7 Day CHG~0.00%
Published-28 Jun, 2022 | 06:40
Updated-15 Apr, 2025 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simplessus Cookie Time sql injection

A vulnerability was found in Simplessus 3.7.7. It has been declared as critical. This vulnerability affects unknown code of the component Cookie Handler. The manipulation of the argument UWA_SID leads to sql injection (Time). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-simplessusunspecified
Product-simplessusSimplessus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-20136
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.28% / 51.49%
||
7 Day CHG~0.00%
Published-16 Jul, 2022 | 06:15
Updated-15 Apr, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Itech Classifieds Script subpage.php sql injection

A vulnerability classified as critical has been found in Itech Classifieds Script 7.27. Affected is an unknown function of the file /subpage.php. The manipulation of the argument scat with the input =51' AND 4941=4941 AND 'hoCP'='hoCP leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-itechscriptsItech
Product-classifieds_scriptClassifieds Script
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2722
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 31.69%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 13:33
Updated-15 Oct, 2025 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection vulnerability in the CIGESv2 system

SQL injection vulnerability in the CIGESv2 system, through /ajaxConfigTotem.php, in the 'id' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query.

Action-Not Available
Vendor-atisolucionesCigesciges
Product-cigesCIGESv2ciges
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2724
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 15.25%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 13:34
Updated-15 Oct, 2025 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection vulnerability in the CIGESv2 system

SQL injection vulnerability in the CIGESv2 system, through /ajaxServiciosAtencion.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query.

Action-Not Available
Vendor-atisolucionesCigesciges
Product-cigesCIGESv2ciges
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-20137
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.28% / 51.49%
||
7 Day CHG~0.00%
Published-16 Jul, 2022 | 06:16
Updated-15 Apr, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Itech B2B Script catcompany.php sql injection

A vulnerability was found in Itech B2B Script 4.28. It has been rated as critical. This issue affects some unknown processing of the file /catcompany.php. The manipulation of the argument token with the input 704667c6a1e7ce56d3d6fa748ab6d9af3fd7' AND 6539=6539 AND 'Fakj'='Fakj leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-itechscriptsItech
Product-b2b_scriptB2B Script
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-28297
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 32.99%
||
7 Day CHG~0.00%
Published-02 Aug, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in AzureSoft MyHorus 4.3.5 allows authenticated users to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aazursoft
Product-n/amyhorus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-19957
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 60.91%
||
7 Day CHG~0.00%
Published-14 Oct, 2021 | 14:17
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page.

Action-Not Available
Vendor-zzcmsn/a
Product-zzcmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-26026
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-89.43% / 99.56%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 15:01
Updated-19 Sep, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP Central Manager SQL Injection

An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_next_central_managerBIG-IP Next Central Managerbig-ip_next_central_manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2591
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-8.2||HIGH
EPSS-0.05% / 14.82%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 13:57
Updated-17 Apr, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection vulnerability in AMSS++

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.

Action-Not Available
Vendor-amss\+\+_projectAmssplusamssplus
Product-amss\+\+AMSS++amss_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2586
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-8.2||HIGH
EPSS-0.06% / 17.21%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 13:53
Updated-11 Apr, 2025 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection vulnerability in AMSS++

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.

Action-Not Available
Vendor-amss\+\+_projectAmssplusamssplus
Product-amss\+\+AMSS++amss_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2588
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-8.2||HIGH
EPSS-0.05% / 14.82%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 13:54
Updated-16 Apr, 2025 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection vulnerability in AMSS++

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.

Action-Not Available
Vendor-amss\+\+_projectAmssplusamssplus
Product-amss\+\+AMSS++amss_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25891
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.96%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 00:00
Updated-17 Mar, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.

Action-Not Available
Vendor-churchcrmn/achurchcrm
Product-churchcrmn/achurchcrm
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • ...
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • Next
Details not found