Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-2703

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-01 Aug, 2011 | 19:00
Updated At-06 Aug, 2024 | 23:08
Rejected At-
Credits

Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:01 Aug, 2011 | 19:00
Updated At:06 Aug, 2024 | 23:08
Rejected At:
â–¼CVE Numbering Authority (CNA)

Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://secunia.com/advisories/45318
third-party-advisory
x_refsource_SECUNIA
http://trac.osgeo.org/mapserver/ticket/3903
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2011/07/19/11
mailing-list
x_refsource_MLIST
http://secunia.com/advisories/45257
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2011/dsa-2285
vendor-advisory
x_refsource_DEBIAN
https://bugzilla.redhat.com/show_bug.cgi?id=723293
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2011/07/19/14
mailing-list
x_refsource_MLIST
http://secunia.com/advisories/45368
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=722545
x_refsource_CONFIRM
http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html
mailing-list
x_refsource_MLIST
https://exchange.xforce.ibmcloud.com/vulnerabilities/68682
vdb-entry
x_refsource_XF
http://www.securityfocus.com/bid/48720
vdb-entry
x_refsource_BID
http://www.openwall.com/lists/oss-security/2011/07/20/15
mailing-list
x_refsource_MLIST
Hyperlink: http://secunia.com/advisories/45318
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://trac.osgeo.org/mapserver/ticket/3903
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/19/11
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://secunia.com/advisories/45257
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2011/dsa-2285
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=723293
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/19/14
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://secunia.com/advisories/45368
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=722545
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/68682
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/bid/48720
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/20/15
Resource:
mailing-list
x_refsource_MLIST
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://secunia.com/advisories/45318
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://trac.osgeo.org/mapserver/ticket/3903
x_refsource_CONFIRM
x_transferred
http://www.openwall.com/lists/oss-security/2011/07/19/11
mailing-list
x_refsource_MLIST
x_transferred
http://secunia.com/advisories/45257
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2011/dsa-2285
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=723293
x_refsource_CONFIRM
x_transferred
http://www.openwall.com/lists/oss-security/2011/07/19/14
mailing-list
x_refsource_MLIST
x_transferred
http://secunia.com/advisories/45368
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=722545
x_refsource_CONFIRM
x_transferred
http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html
mailing-list
x_refsource_MLIST
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/68682
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/bid/48720
vdb-entry
x_refsource_BID
x_transferred
http://www.openwall.com/lists/oss-security/2011/07/20/15
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://secunia.com/advisories/45318
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://trac.osgeo.org/mapserver/ticket/3903
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/19/11
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://secunia.com/advisories/45257
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2011/dsa-2285
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=723293
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/19/14
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://secunia.com/advisories/45368
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=722545
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/68682
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/bid/48720
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/20/15
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:01 Aug, 2011 | 19:55
Updated At:29 Apr, 2026 | 01:13

Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

osgeo
osgeo
>>mapserver>>Versions up to 4.10.6(inclusive)
cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.2.0
cpe:2.3:a:osgeo:mapserver:4.2.0:beta1:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.4.0
cpe:2.3:a:osgeo:mapserver:4.4.0:*:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.4.0
cpe:2.3:a:osgeo:mapserver:4.4.0:beta1:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.4.0
cpe:2.3:a:osgeo:mapserver:4.4.0:beta2:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.4.0
cpe:2.3:a:osgeo:mapserver:4.4.0:beta3:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.6.0
cpe:2.3:a:osgeo:mapserver:4.6.0:*:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.6.0
cpe:2.3:a:osgeo:mapserver:4.6.0:beta1:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.6.0
cpe:2.3:a:osgeo:mapserver:4.6.0:beta2:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.6.0
cpe:2.3:a:osgeo:mapserver:4.6.0:beta3:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.6.0
cpe:2.3:a:osgeo:mapserver:4.6.0:rc1:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.8.0
cpe:2.3:a:osgeo:mapserver:4.8.0:beta1:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.8.0
cpe:2.3:a:osgeo:mapserver:4.8.0:beta2:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.8.0
cpe:2.3:a:osgeo:mapserver:4.8.0:beta3:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.8.0
cpe:2.3:a:osgeo:mapserver:4.8.0:rc1:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.8.0
cpe:2.3:a:osgeo:mapserver:4.8.0:rc2:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.10.0
cpe:2.3:a:osgeo:mapserver:4.10.0:*:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.10.0
cpe:2.3:a:osgeo:mapserver:4.10.0:beta1:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.10.0
cpe:2.3:a:osgeo:mapserver:4.10.0:beta2:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.10.0
cpe:2.3:a:osgeo:mapserver:4.10.0:beta3:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.10.0
cpe:2.3:a:osgeo:mapserver:4.10.0:rc1:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.10.1
cpe:2.3:a:osgeo:mapserver:4.10.1:*:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.10.2
cpe:2.3:a:osgeo:mapserver:4.10.2:*:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.10.3
cpe:2.3:a:osgeo:mapserver:4.10.3:*:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.10.4
cpe:2.3:a:osgeo:mapserver:4.10.4:*:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>4.10.5
cpe:2.3:a:osgeo:mapserver:4.10.5:*:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.0.0
cpe:2.3:a:osgeo:mapserver:5.0.0:*:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.0.0
cpe:2.3:a:osgeo:mapserver:5.0.0:beta1:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.0.0
cpe:2.3:a:osgeo:mapserver:5.0.0:beta2:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.0.0
cpe:2.3:a:osgeo:mapserver:5.0.0:beta3:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.0.0
cpe:2.3:a:osgeo:mapserver:5.0.0:beta4:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.0.0
cpe:2.3:a:osgeo:mapserver:5.0.0:beta5:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.0.0
cpe:2.3:a:osgeo:mapserver:5.0.0:beta6:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.0.0
cpe:2.3:a:osgeo:mapserver:5.0.0:rc1:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.0.0
cpe:2.3:a:osgeo:mapserver:5.0.0:rc2:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.2.0
cpe:2.3:a:osgeo:mapserver:5.2.0:*:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.2.0
cpe:2.3:a:osgeo:mapserver:5.2.0:beta1:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.2.0
cpe:2.3:a:osgeo:mapserver:5.2.0:beta2:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.2.0
cpe:2.3:a:osgeo:mapserver:5.2.0:beta3:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.2.0
cpe:2.3:a:osgeo:mapserver:5.2.0:beta4:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.2.0
cpe:2.3:a:osgeo:mapserver:5.2.0:rc1:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.2.1
cpe:2.3:a:osgeo:mapserver:5.2.1:*:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.4.0
cpe:2.3:a:osgeo:mapserver:5.4.0:*:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.4.0
cpe:2.3:a:osgeo:mapserver:5.4.0:beta1:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.4.0
cpe:2.3:a:osgeo:mapserver:5.4.0:beta2:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.4.0
cpe:2.3:a:osgeo:mapserver:5.4.0:beta3:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.4.0
cpe:2.3:a:osgeo:mapserver:5.4.0:beta4:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.4.0
cpe:2.3:a:osgeo:mapserver:5.4.0:rc1:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.4.0
cpe:2.3:a:osgeo:mapserver:5.4.0:rc2:*:*:*:*:*:*
osgeo
osgeo
>>mapserver>>5.4.1
cpe:2.3:a:osgeo:mapserver:5.4.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.htmlsecalert@redhat.com
Patch
http://secunia.com/advisories/45257secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/45318secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/45368secalert@redhat.com
Vendor Advisory
http://trac.osgeo.org/mapserver/ticket/3903secalert@redhat.com
Patch
http://www.debian.org/security/2011/dsa-2285secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2011/07/19/11secalert@redhat.com
Patch
http://www.openwall.com/lists/oss-security/2011/07/19/14secalert@redhat.com
Patch
http://www.openwall.com/lists/oss-security/2011/07/20/15secalert@redhat.com
Patch
http://www.securityfocus.com/bid/48720secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=722545secalert@redhat.com
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=723293secalert@redhat.com
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/68682secalert@redhat.com
N/A
http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
http://secunia.com/advisories/45257af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/45318af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/45368af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://trac.osgeo.org/mapserver/ticket/3903af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.debian.org/security/2011/dsa-2285af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2011/07/19/11af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.openwall.com/lists/oss-security/2011/07/19/14af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.openwall.com/lists/oss-security/2011/07/20/15af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.securityfocus.com/bid/48720af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=722545af854a3a-2127-422b-91ae-364da2661108
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=723293af854a3a-2127-422b-91ae-364da2661108
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/68682af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://secunia.com/advisories/45257
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/45318
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/45368
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://trac.osgeo.org/mapserver/ticket/3903
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://www.debian.org/security/2011/dsa-2285
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/19/11
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/19/14
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/20/15
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://www.securityfocus.com/bid/48720
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=722545
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=723293
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/68682
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://secunia.com/advisories/45257
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/45318
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/45368
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://trac.osgeo.org/mapserver/ticket/3903
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.debian.org/security/2011/dsa-2285
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/19/11
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/19/14
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.openwall.com/lists/oss-security/2011/07/20/15
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.securityfocus.com/bid/48720
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=722545
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=723293
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/68682
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7562Records found

CVE-2017-5522
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.76% / 90.80%
||
7 Day CHG~0.00%
Published-15 Mar, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.

Action-Not Available
Vendor-osgeon/aDebian GNU/Linux
Product-debian_linuxmapservern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2704
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-5.22% / 91.50%
||
7 Day CHG~0.00%
Published-01 Aug, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.

Action-Not Available
Vendor-osgeoumnn/a
Product-mapservern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-17545
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.58% / 83.31%
||
7 Day CHG~0.00%
Published-14 Oct, 2019 | 01:07
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

Action-Not Available
Vendor-osgeon/aopenSUSEOracle CorporationFedora ProjectDebian GNU/Linux
Product-debian_linuxspatial_and_graphgdalfedorabackports_sleleapn/a
CWE ID-CWE-415
Double Free
CVE-2023-25157
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-85.25% / 99.69%
||
7 Day CHG~0.00%
Published-21 Feb, 2023 | 21:00
Updated-10 Mar, 2025 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unfiltered SQL Injection Vulnerabilities in Geoserver

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.

Action-Not Available
Vendor-osgeogeoserver
Product-geoservergeoserver
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-59431
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.9||HIGH
EPSS-0.39% / 31.03%
||
7 Day CHG~0.00%
Published-19 Sep, 2025 | 19:29
Updated-08 Oct, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MapServer - WFS XML Filter Query SQL injection

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipulate backend database queries. This vulnerability is fixed in 8.4.1.

Action-Not Available
Vendor-osgeoMapServer
Product-mapserverMapServer
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-7262
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.22% / 80.51%
||
7 Day CHG~0.00%
Published-05 Jan, 2014 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.

Action-Not Available
Vendor-osgeoumnn/a
Product-mapservern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2663
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.28%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 20:31
Updated-13 May, 2025 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Bank Locker Management System search-locker-details.php sql injection

A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /search-locker-details.php. The manipulation of the argument searchinput leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-bank_locker_management_systemBank Locker Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2640
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.05%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 03:31
Updated-24 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Doctor Appointment Management System appointment-bwdates-reports-details.php sql injection

A vulnerability was found in PHPGurukul Doctor Appointment Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /doctor/appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Doctor Appointment Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-16644
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.37% / 68.49%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 15:16
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring.

Action-Not Available
Vendor-tuzicmsn/a
Product-tuzicmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2657
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.04%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 17:31
Updated-13 May, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
projectworlds Apartment Visitors Management System front.php sql injection

A vulnerability classified as critical was found in projectworlds Apartment Visitors Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /front.php. The manipulation of the argument rid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Projectworlds
Product-apartment_visitors_management_systemApartment Visitors Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2676
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.46% / 36.90%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 01:00
Updated-04 Jun, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Bank Locker Management System add-subadmin.php sql injection

A vulnerability, which was classified as critical, was found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /add-subadmin.php. The manipulation of the argument sadminusername leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-bank_locker_management_systemBank Locker Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2655
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.55% / 41.82%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 16:31
Updated-22 Nov, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester AC Repair and Services System Users.php delete_users sql injection

A vulnerability was detected in SourceCodester AC Repair and Services System 1.0. The affected element is the function save_users/delete_users of the file /classes/Users.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-ac_repair_and_services_systemAC Repair and Services System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2677
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.05%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 01:31
Updated-04 Jun, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Bank Locker Management System changeidproof.php sql injection

A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /changeidproof.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-bank_locker_management_systemBank Locker Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-8734
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.26% / 17.26%
||
7 Day CHG~0.00%
Published-17 May, 2026 | 05:00
Updated-18 May, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Oinone Pamirs queryListByWrapper RSQLToSQLNodeConnector.makeVariable sql injection

A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable of the component queryListByWrapper Interface. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Oinone
Product-Pamirs
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2678
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.05%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 02:00
Updated-04 Jun, 2025 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Bank Locker Management System changeimage1.php sql injection

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /changeimage1.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-bank_locker_management_systemBank Locker Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2641
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.04%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 04:31
Updated-24 Mar, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Art Gallery Management System edit-artist-detail.php sql injection

A vulnerability, which was classified as critical, has been found in PHPGurukul Art Gallery Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit-artist-detail.php?editid=1. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Art Gallery Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-6903
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.40% / 31.89%
||
7 Day CHG~0.00%
Published-30 Jun, 2025 | 10:32
Updated-11 Jul, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Car Rental System approve.php sql injection

A vulnerability was found in code-projects Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-car_rental_systemCar Rental System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-1608
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.14% / 86.33%
||
7 Day CHG~0.00%
Published-18 Mar, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.

Action-Not Available
Vendor-n/aDebian GNU/LinuxMantis Bug Tracker (MantisBT)
Product-debian_linuxmantisbtn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2642
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.04%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 07:00
Updated-02 Apr, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Art Gallery Management System edit-art-product-detail.php sql injection

A vulnerability, which was classified as critical, was found in PHPGurukul Art Gallery Management System 1.0. This affects an unknown part of the file /admin/edit-art-product-detail.php?editid=2. The manipulation of the argument editide/sprice/description leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-art_gallery_management_systemArt Gallery Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-2323
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-61.67% / 99.06%
||
7 Day CHG~0.00%
Published-14 Mar, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.

Action-Not Available
Vendor-lighttpdn/aopenSUSEDebian GNU/LinuxSUSE
Product-debian_linuxlighttpdlinux_enterprise_high_availability_extensionlinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2647
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.47% / 37.13%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 11:00
Updated-24 Mar, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Art Gallery Management System search.php sql injection

A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search.php. The manipulation of the argument Search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Art Gallery Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2654
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.53% / 40.72%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 16:00
Updated-26 Mar, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester AC Repair and Services System manage_service.php sql injection

A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/services/manage_service.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-ac_repair_and_services_systemAC Repair and Services System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2679
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.46% / 36.90%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 02:31
Updated-04 Jun, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Bank Locker Management System contact-us.php sql injection

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /contact-us.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-bank_locker_management_systemBank Locker Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-8785
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.25% / 16.69%
||
7 Day CHG~0.00%
Published-18 May, 2026 | 02:45
Updated-18 May, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
projectworlds hospital-management-system-in-php GET Parameter update_info.php getAllPatientDetail sql injection

A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file update_info.php of the component GET Parameter Handler. Executing a manipulation of the argument appointment_no can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-Projectworlds
Product-hospital-management-system-in-php
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-1925
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.99% / 78.23%
||
7 Day CHG~0.00%
Published-24 Jan, 2020 | 16:42
Updated-06 Aug, 2024 | 09:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924.

Action-Not Available
Vendor-kohan/a
Product-kohan/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-12348
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.66% / 73.81%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 15:03
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter.

Action-Not Available
Vendor-zzcmsn/a
Product-zzcmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-8771
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.26% / 17.27%
||
7 Day CHG~0.00%
Published-17 May, 2026 | 23:30
Updated-18 May, 2026 | 12:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
linlinjava litemall Front-end WeChat API WxGoodsController.java list sql injection

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-linlinjava
Product-litemall
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2675
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.04%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 00:31
Updated-26 Mar, 2025 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Bank Locker Management System add-lockertype.php sql injection

A vulnerability, which was classified as critical, has been found in PHPGurukul Bank Locker Management System 1.0. Affected by this issue is some unknown functionality of the file /add-lockertype.php. The manipulation of the argument lockerprice leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anujkumarPHPGurukul LLP
Product-bank_locker_management_systemBank Locker Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2646
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.04%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 09:31
Updated-02 Apr, 2025 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Art Gallery Management System admin-profile.php sql injection

A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-PHPGurukul LLP
Product-art_gallery_management_systemArt Gallery Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-2211
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.40% / 82.05%
||
7 Day CHG~0.00%
Published-03 Mar, 2014 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter.

Action-Not Available
Vendor-posh_projectn/a
Product-poshn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2674
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.04%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 00:00
Updated-27 Mar, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Bank Locker Management System aboutus.php sql injection

A vulnerability classified as critical was found in PHPGurukul Bank Locker Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-bank_locker_management_systemBank Locker Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-1636
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.91% / 89.02%
||
7 Day CHG~0.00%
Published-22 Jan, 2014 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.

Action-Not Available
Vendor-doug_poulinn/a
Product-command_school_student_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2681
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.04%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 03:31
Updated-27 Mar, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Bank Locker Management System edit-locker.php sql injection

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /edit-locker.php?ltid=6. The manipulation of the argument lockersize leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-bank_locker_management_systemBank Locker Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-1854
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.41% / 91.72%
||
7 Day CHG~0.00%
Published-27 Feb, 2014 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.

Action-Not Available
Vendor-adrotatepluginn/a
Product-adrotaten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-2303
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.57% / 83.26%
||
7 Day CHG~0.00%
Published-13 Jun, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter.

Action-Not Available
Vendor-webeditionn/a
Product-webedition_cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2658
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.05%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 18:00
Updated-13 May, 2025 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Security Guards Hiring System search-request.php sql injection

A vulnerability, which was classified as critical, has been found in PHPGurukul Online Security Guards Hiring System 1.0. Affected by this issue is some unknown functionality of the file /search-request.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_security_guards_hiring_systemOnline Security Guards Hiring System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2644
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.04%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 08:00
Updated-02 Apr, 2025 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Art Gallery Management System add-art-product.php sql injection

A vulnerability was found in PHPGurukul Art Gallery Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/add-art-product.php. The manipulation of the argument arttype leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-art_gallery_management_systemArt Gallery Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2649
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.47% / 37.13%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 12:00
Updated-24 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Doctor Appointment Management System check-appointment.php sql injection

A vulnerability classified as critical was found in PHPGurukul Doctor Appointment Management System 1.0. This vulnerability affects unknown code of the file /check-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Doctor Appointment Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2643
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.04%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 07:31
Updated-02 Apr, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Art Gallery Management System edit-art-type-detail.php sql injection

A vulnerability has been found in PHPGurukul Art Gallery Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-art-type-detail.php?editid=1. The manipulation of the argument arttype leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-art_gallery_management_systemArt Gallery Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-6937
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.39% / 31.37%
||
7 Day CHG~0.00%
Published-01 Jul, 2025 | 00:32
Updated-09 Jul, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Pizza Ordering System large.php sql injection

A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /large.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-carmeloSource Code & Projects
Product-simple_pizza_ordering_systemSimple Pizza Ordering System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-2081
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.08% / 79.24%
||
7 Day CHG~0.00%
Published-20 Oct, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.

Action-Not Available
Vendor-iiin/a
Product-vtls-virtuan/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2683
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.04%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 04:31
Updated-24 Mar, 2025 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Bank Locker Management System profile.php sql injection

A vulnerability classified as critical was found in PHPGurukul Bank Locker Management System 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anujkumarPHPGurukul LLP
Product-bank_locker_management_systemBank Locker Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-29493
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-10||CRITICAL
EPSS-2.61% / 83.53%
||
7 Day CHG~0.00%
Published-14 Jan, 2021 | 21:10
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_avamar_serverAvamar
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2684
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.04%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 05:00
Updated-24 Mar, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Bank Locker Management System search-report-details.php sql injection

A vulnerability, which was classified as critical, has been found in PHPGurukul Bank Locker Management System 1.0. This issue affects some unknown processing of the file /search-report-details.php. The manipulation of the argument searchinput leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-bank_locker_management_systemBank Locker Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-6963
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.50% / 39.03%
||
7 Day CHG~0.00%
Published-01 Jul, 2025 | 16:02
Updated-03 Jul, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Employee Management System myprofile.php sql injection

A vulnerability has been found in Campcodes Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /myprofile.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CampCodes
Product-Employee Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2660
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.04%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 19:00
Updated-09 Jul, 2025 | 01:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Project Worlds Online Time Table Generator index.php sql injection

A vulnerability has been found in Project Worlds Online Time Table Generator 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument e leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Projectworlds
Product-online_time_table_generatorOnline Time Table Generator
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2006-0159
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.21% / 64.76%
||
7 Day CHG-0.00%
Published-10 Jan, 2006 | 11:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown, although it may be based on post-disclosure analysis of CVE-2006-0110; the details are obtained solely from third party information.

Action-Not Available
Vendor-javier_suarez_sanzn/a
Product-foro_domusn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2661
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.63% / 45.63%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 19:31
Updated-09 Jul, 2025 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Project Worlds Online Time Table Generator index.php sql injection

A vulnerability was found in Project Worlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /staff/index.php. The manipulation of the argument e leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Projectworlds
Product-online_time_table_generatorOnline Time Table Generator
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2656
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.04%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 17:00
Updated-13 May, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Zoo Management System login.php sql injection

A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/login.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-zoo_management_systemZoo Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2659
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.48% / 38.04%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 18:31
Updated-09 Jul, 2025 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Project Worlds Online Time Table Generator index.php sql injection

A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument e leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Projectworlds
Product-online_time_table_generatorOnline Time Table Generator
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 151
  • 152
  • Next
Details not found