Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-3563

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-10 Aug, 2008 | 20:00
Updated At-07 Aug, 2024 | 09:45
Rejected At-
Credits

Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:10 Aug, 2008 | 20:00
Updated At:07 Aug, 2024 | 09:45
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://securityreason.com/securityalert/4121
third-party-advisory
x_refsource_SREASON
http://www.gulftech.org/?node=research&article_id=00121-08042008
x_refsource_MISC
http://www.securityfocus.com/archive/1/495116/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://dev.plogger.org/changeset/569
x_refsource_CONFIRM
https://www.exploit-db.com/exploits/6204
exploit
x_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/30547
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/44233
vdb-entry
x_refsource_XF
Hyperlink: http://securityreason.com/securityalert/4121
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://www.gulftech.org/?node=research&article_id=00121-08042008
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/archive/1/495116/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://dev.plogger.org/changeset/569
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.exploit-db.com/exploits/6204
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.securityfocus.com/bid/30547
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44233
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://securityreason.com/securityalert/4121
third-party-advisory
x_refsource_SREASON
x_transferred
http://www.gulftech.org/?node=research&article_id=00121-08042008
x_refsource_MISC
x_transferred
http://www.securityfocus.com/archive/1/495116/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://dev.plogger.org/changeset/569
x_refsource_CONFIRM
x_transferred
https://www.exploit-db.com/exploits/6204
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://www.securityfocus.com/bid/30547
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/44233
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://securityreason.com/securityalert/4121
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://www.gulftech.org/?node=research&article_id=00121-08042008
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/495116/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://dev.plogger.org/changeset/569
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/6204
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.securityfocus.com/bid/30547
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44233
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:10 Aug, 2008 | 20:41
Updated At:23 Apr, 2026 | 00:35

Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
plogger
plogger
>>plogger>>Versions up to 3.0(inclusive)
cpe:2.3:a:plogger:plogger:*:*:*:*:*:*:*:*
plogger
plogger
>>plogger>>1.0
cpe:2.3:a:plogger:plogger:1.0:beta3:*:*:*:*:*:*
plogger
plogger
>>plogger>>1.0
cpe:2.3:a:plogger:plogger:1.0:rc1:*:*:*:*:*:*
plogger
plogger
>>plogger>>2.0
cpe:2.3:a:plogger:plogger:2.0:*:*:*:*:*:*:*
plogger
plogger
>>plogger>>2.1
cpe:2.3:a:plogger:plogger:2.1:beta:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://dev.plogger.org/changeset/569cve@mitre.org
N/A
http://securityreason.com/securityalert/4121cve@mitre.org
N/A
http://www.gulftech.org/?node=research&article_id=00121-08042008cve@mitre.org
N/A
http://www.securityfocus.com/archive/1/495116/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/30547cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/44233cve@mitre.org
N/A
https://www.exploit-db.com/exploits/6204cve@mitre.org
N/A
http://dev.plogger.org/changeset/569af854a3a-2127-422b-91ae-364da2661108
N/A
http://securityreason.com/securityalert/4121af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gulftech.org/?node=research&article_id=00121-08042008af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/495116/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/30547af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/44233af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.exploit-db.com/exploits/6204af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://dev.plogger.org/changeset/569
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/4121
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.gulftech.org/?node=research&article_id=00121-08042008
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/495116/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/30547
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44233
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/6204
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://dev.plogger.org/changeset/569
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/4121
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gulftech.org/?node=research&article_id=00121-08042008
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/495116/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/30547
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44233
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/6204
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7467Records found
CVE-2012-5289
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 60.97%
||
7 Day CHG~0.00%
Published-04 Oct, 2012 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) index.php or (2) gallery.php.

Action-Not Available
Vendor-ploggern/a
Product-ploggern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-6587
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.51% / 81.29%
||
7 Day CHG~0.00%
Published-28 Dec, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-ploggern/a
Product-ploggern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2006-2157
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.91%
||
7 Day CHG~0.00%
Published-03 May, 2006 | 10:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, when the level is set to "slideshow". NOTE: This is a different vulnerability than CVE-2005-4246.

Action-Not Available
Vendor-ploggern/a
Product-ploggern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2005-4246
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.70%
||
7 Day CHG~0.00%
Published-14 Dec, 2005 | 11:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php and (2) page parameter.

Action-Not Available
Vendor-ploggern/a
Product-ploggern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-2223
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-10.44% / 93.28%
||
7 Day CHG~0.00%
Published-11 Sep, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in plog-content/uploads/archive/.

Action-Not Available
Vendor-ploggern/a
Product-ploggern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-2277
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.78% / 73.68%
||
7 Day CHG~0.00%
Published-25 Apr, 2007 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

Action-Not Available
Vendor-ploggern/a
Product-ploggern/a
CWE ID-CWE-287
Improper Authentication
CVE-2005-4573
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-16.60% / 94.97%
||
7 Day CHG~0.00%
Published-29 Dec, 2005 | 11:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file include vulnerability in plog-admin-functions.php in Plogger Beta 2 allows remote attackers to execute arbitrary code via a URL in the config[basedir] parameter.

Action-Not Available
Vendor-ploggern/a
Product-ploggern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-35244
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.77%
||
7 Day CHG~0.00%
Published-26 Dec, 2020 | 19:15
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup.

Action-Not Available
Vendor-flamingo_projectn/a
Product-flamingon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-29472
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.57% / 85.65%
||
7 Day CHG~0.00%
Published-24 Dec, 2020 | 19:28
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.

Action-Not Available
Vendor-egavilanmedian/a
Product-under_construction_page_with_cpaneln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-29574
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-11.98% / 93.83%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 16:03
Updated-07 Nov, 2025 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-02-27||The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.

Action-Not Available
Vendor-n/aSophos Ltd.
Product-cyberoamosn/aCyberoamOS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4611
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.70%
||
7 Day CHG~0.00%
Published-20 Oct, 2008 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in PHP Arsivimiz Php Ziyaretci Defteri allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.

Action-Not Available
Vendor-php_arsivimizn/a
Product-php_ziyaretci_defterin/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-0695
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.62% / 70.12%
||
7 Day CHG~0.00%
Published-03 Feb, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions.

Action-Not Available
Vendor-free_lan_intra_internet_portaln/a
Product-free_lan_intra_internet_portaln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-35337
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 67.15%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 15:40
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands.

Action-Not Available
Vendor-thinksaasn/a
Product-thinksaasn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-35242
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 53.94%
||
7 Day CHG~0.00%
Published-26 Dec, 2020 | 19:13
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory.

Action-Not Available
Vendor-flamingo_projectn/a
Product-flamingon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-23336
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.77%
||
7 Day CHG~0.00%
Published-14 Feb, 2022 | 20:18
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.

Action-Not Available
Vendor-s-cmsn/a
Product-s-cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5787
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.43%
||
7 Day CHG~0.00%
Published-26 Oct, 2023 | 15:31
Updated-02 Aug, 2024 | 08:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shaanxi Chanming Education Technology Score Query System sql injection

A vulnerability was found in Shaanxi Chanming Education Technology Score Query System 5.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument stuIdCard leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243593 was assigned to this vulnerability.

Action-Not Available
Vendor-longmenedutechShaanxi Chanming Education Technology
Product-score_query_systemScore Query System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-29287
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.45% / 85.32%
||
7 Day CHG~0.00%
Published-02 Dec, 2020 | 21:07
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.

Action-Not Available
Vendor-car_rental_management_system_projectn/a
Product-car_rental_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-35378
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.54% / 67.60%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 15:44
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields.

Action-Not Available
Vendor-online_bus_ticket_reservation_projectn/a
Product-online_bus_ticket_reservationn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-29280
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.49% / 81.23%
||
7 Day CHG~0.00%
Published-02 Dec, 2020 | 21:08
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.

Action-Not Available
Vendor-victor_cms_projectn/a
Product-victor_cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-29474
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.57% / 85.65%
||
7 Day CHG~0.00%
Published-24 Dec, 2020 | 19:36
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.

Action-Not Available
Vendor-egavilanmedian/a
Product-egm_address_bookn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-29284
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-21.61% / 95.77%
||
7 Day CHG~0.00%
Published-02 Dec, 2020 | 21:08
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.

Action-Not Available
Vendor-multi_restaurant_table_reservation_system_projectn/a
Product-multi_restaurant_table_reservation_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-0817
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-9.8||CRITICAL
EPSS-64.65% / 98.47%
||
7 Day CHG~0.00%
Published-09 May, 2022 | 16:50
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BadgeOS <= 3.7.0 - Unauthenticated SQLi

The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users

Action-Not Available
Vendor-badgeosUnknown
Product-badgeosBadgeOS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5780
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.40%
||
7 Day CHG~0.00%
Published-26 Oct, 2023 | 12:00
Updated-02 Aug, 2024 | 08:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tongda OA 2017 delete.php sql injection

A vulnerability classified as critical was found in Tongda OA 2017 11.10. This vulnerability affects unknown code of the file general/system/approve_center/flow_guide/flow_type/set_print/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-tongda2000Tongda
Product-tongda_office_anywhereOA 2017
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-2627
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 59.43%
||
7 Day CHG~0.00%
Published-21 Dec, 2013 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action.

Action-Not Available
Vendor-idlemann/a
Product-leedn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-29015
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 77.17%
||
7 Day CHG~0.00%
Published-14 Jan, 2021 | 16:07
Updated-25 Oct, 2024 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-fortiwebFortinet FortiWeb
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-1556
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-9.8||CRITICAL
EPSS-8.83% / 92.58%
||
7 Day CHG~0.00%
Published-30 May, 2022 | 08:35
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
StaffList < 3.1.5 - Admin+ SQLi

The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection

Action-Not Available
Vendor-era404Unknown
Product-stafflistStaffList
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-1469
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.83% / 86.28%
||
7 Day CHG~0.00%
Published-16 Mar, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.

Action-Not Available
Vendor-xiglan/a
Product-absolute_image_gallery_xen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-1014
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-9.8||CRITICAL
EPSS-0.95% / 76.46%
||
7 Day CHG~0.00%
Published-23 May, 2022 | 07:15
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Contacts Manager <= 2.2.4 - Unauthenticated SQLi

The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability.

Action-Not Available
Vendor-labartaUnknown
Product-wp_contacts_managerWP Contacts Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5794
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.05% / 14.73%
||
7 Day CHG~0.00%
Published-26 Oct, 2023 | 17:00
Updated-02 Aug, 2024 | 08:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Railway Catering System Login index.php sql injection

A vulnerability was found in PHPGurukul Online Railway Catering System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-243600.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_railway_catering_management_systemOnline Railway Catering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-35245
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.77%
||
7 Day CHG~0.00%
Published-26 Dec, 2020 | 19:16
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser.

Action-Not Available
Vendor-flamingo_projectn/a
Product-flamingon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-29493
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-10||CRITICAL
EPSS-5.79% / 90.57%
||
7 Day CHG~0.00%
Published-14 Jan, 2021 | 21:10
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_avamar_serverAvamar
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-2166
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 5.17%
||
7 Day CHG~0.00%
Published-08 Feb, 2026 | 17:02
Updated-23 Feb, 2026 | 09:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Reviewer System Login index.php sql injection

A security vulnerability has been detected in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-Source Code & ProjectsFabian Ros
Product-online_reviewer_systemOnline Reviewer System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-2088
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.01% / 2.00%
||
7 Day CHG~0.00%
Published-07 Feb, 2026 | 14:32
Updated-23 Feb, 2026 | 09:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Beauty Parlour Management System accepted-appointment.php sql injection

A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/accepted-appointment.php. Such manipulation of the argument delid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-beauty_parlour_management_systemBeauty Parlour Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-35276
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.32% / 54.64%
||
7 Day CHG~0.00%
Published-21 Dec, 2020 | 14:51
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user.

Action-Not Available
Vendor-egavilanmedian/a
Product-ecm_address_bookn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-2057
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.55%
||
7 Day CHG~0.00%
Published-06 Feb, 2026 | 15:32
Updated-23 Feb, 2026 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Medical Center Portal Management System login.php sql injection

A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-bontrofftechSourceCodester
Product-medical_center_portal_management_systemMedical Center Portal Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-35243
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.77%
||
7 Day CHG~0.00%
Published-26 Dec, 2020 | 19:14
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb.

Action-Not Available
Vendor-flamingo_projectn/a
Product-flamingon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-35441
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.77%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 21:40
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FDCMS (aka Fangfa Content Management System) 4.0 contains a front-end SQL injection via Admin/Lib/Action/FloginAction.class.php.

Action-Not Available
Vendor-fangfan/a
Product-fdcmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-29282
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 77.16%
||
7 Day CHG~0.00%
Published-02 Dec, 2020 | 21:08
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.

Action-Not Available
Vendor-bloodx_projectn/a
Product-bloodxn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-29214
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-45.26% / 97.63%
||
7 Day CHG~0.00%
Published-15 Jun, 2021 | 19:57
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject SQL payload to bypass the authentication via admin/login.php.

Action-Not Available
Vendor-alumni_management_system_projectn/a
Product-alumni_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-29288
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.49% / 81.23%
||
7 Day CHG~0.00%
Published-02 Dec, 2020 | 21:07
Updated-22 Dec, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SQL injection vulnerability was discovered in Gym Management System In manage_user.php file, GET parameter 'id' is vulnerable.

Action-Not Available
Vendor-admercn/aAdrian Mercurio
Product-gym_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-2059
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.01% / 3.36%
||
7 Day CHG~0.00%
Published-06 Feb, 2026 | 17:02
Updated-23 Feb, 2026 | 09:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Medical Center Portal Management System emp_edit1.php sql injection

A vulnerability has been found in SourceCodester Medical Center Portal Management System 1.0. Affected is an unknown function of the file /emp_edit1.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-bontrofftechSourceCodester
Product-medical_center_portal_management_systemMedical Center Portal Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-35263
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.76% / 73.43%
||
7 Day CHG~0.00%
Published-26 Jan, 2021 | 17:20
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution.

Action-Not Available
Vendor-egavilanmedian/a
Product-user_registration_and_login_system_with_admin_paneln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-35427
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 78.35%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 13:22
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-employee_record_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-28994
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.95% / 76.51%
||
7 Day CHG~0.00%
Published-24 Nov, 2020 | 17:17
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database.

Action-Not Available
Vendor-karenderia_multiple_restaurant_system_projectn/a
Product-karenderia_multiple_restaurant_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-2089
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.02%
||
7 Day CHG~0.00%
Published-07 Feb, 2026 | 15:02
Updated-23 Feb, 2026 | 09:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Class Record System controller.php sql injection

A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affects unknown code of the file /admin/subject/controller.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

Action-Not Available
Vendor-janobeSourceCodester
Product-online_class_record_systemOnline Class Record System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-2018
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.26% / 49.37%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 11:05
Updated-15 Apr, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Prison Management System Inmate sql injection

A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+ leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-prison_management_systemPrison Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-29285
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.77%
||
7 Day CHG~0.00%
Published-02 Dec, 2020 | 21:07
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php.

Action-Not Available
Vendor-point_of_sales_in_php\/pdo_projectn/a
Product-point_of_sales_in_php\/pdon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4755
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.90% / 75.75%
||
7 Day CHG~0.00%
Published-28 Oct, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-pozscriptsn/a
Product-classified_auctions_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-5951
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.61%
||
7 Day CHG~0.00%
Published-14 Nov, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-e-vendejon/a
Product-0.2n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-29283
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.77%
||
7 Day CHG~0.00%
Published-02 Dec, 2020 | 21:08
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.

Action-Not Available
Vendor-online_doctor_appointment_booking_system_php_and_mysql_projectn/a
Product-online_doctor_appointment_booking_system_php_and_mysqln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 149
  • 150
  • Next
Details not found