Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-6393

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-29 Jan, 2018 | 20:00
Updated At-05 Aug, 2024 | 06:01
Rejected At-
Credits

FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:29 Jan, 2018 | 20:00
Updated At:05 Aug, 2024 | 06:01
Rejected At:
▼CVE Numbering Authority (CNA)

FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt
x_refsource_MISC
http://www.securityfocus.com/bid/102854
vdb-entry
x_refsource_BID
http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html
x_refsource_MISC
Hyperlink: https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/102854
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/102854
vdb-entry
x_refsource_BID
x_transferred
http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/102854
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:29 Jan, 2018 | 20:29
Updated At:17 May, 2024 | 01:29

FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.2HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
Sangoma Technologies Corp.
sangoma
>>freepbx>>10.13.66
cpe:2.3:a:sangoma:freepbx:10.13.66:*:*:*:*:*:*:*
Sangoma Technologies Corp.
sangoma
>>freepbx>>14.0.1.24
cpe:2.3:a:sangoma:freepbx:14.0.1.24:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.htmlcve@mitre.org
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/102854cve@mitre.org
Third Party Advisory
VDB Entry
https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txtcve@mitre.org
Exploit
Third Party Advisory
Hyperlink: http://code610.blogspot.com/2018/01/post-auth-sql-injection-in-freepbx.html
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/102854
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/c610/tmp/blob/master/sqlipoc-freepbx-14.0.1.24-req.txt
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

3586Records found
CVE-2022-32299
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.14%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 16:21
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php.

Action-Not Available
Vendor-youdiancmsn/a
Product-youdiancmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32367
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 17:20
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=inquiries/view_inquiry&id=.

Action-Not Available
Vendor-product_show_room_site_projectn/a
Product-product_show_room_siten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32362
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 20:15
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_category.php?id=.

Action-Not Available
Vendor-product_show_room_site_projectn/a
Product-product_show_room_siten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32011
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 15:31
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/applicants/index.php?view=view&id=.

Action-Not Available
Vendor-complete_online_job_search_system_projectn/a
Product-complete_online_job_search_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32401
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.14%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 01:11
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_privilege.php:4

Action-Not Available
Vendor-n/aoretnom23
Product-prison_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32398
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.14%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 01:08
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/manage_cell.php:4

Action-Not Available
Vendor-n/aoretnom23
Product-prison_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-5649
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.82%
||
7 Day CHG~0.00%
Published-06 Apr, 2026 | 11:15
Updated-27 Apr, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Application System for Admission Endpoint admsnform.php sql injection

A vulnerability has been found in code-projects Online Application System for Admission 1.0. This issue affects some unknown processing of the file /enrollment/admsnform.php of the component Endpoint. Such manipulation leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-Online Application System for Admission
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32014
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 15:27
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=byfunction.

Action-Not Available
Vendor-complete_online_job_search_system_projectn/a
Product-complete_online_job_search_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-8198
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.2||HIGH
EPSS-0.22% / 44.90%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL commands.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-fusionsphereFusionSphere
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-31996
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 14:52
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=sales/manage_sale&id=.

Action-Not Available
Vendor-badminton_center_management_system_projectn/a
Product-badminton_center_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32400
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 01:10
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/user/manage_user.php:4.

Action-Not Available
Vendor-n/aoretnom23
Product-prison_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32334
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 15:20
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/manage_category.php?id=.

Action-Not Available
Vendor-fast_food_ordering_system_projectn/a
Product-fast_food_ordering_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32358
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 20:20
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_inquiry.

Action-Not Available
Vendor-product_show_room_site_projectn/a
Product-product_show_room_siten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-31974
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-17.63% / 95.19%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 18:21
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=.

Action-Not Available
Vendor-online_fire_reporting_system_projectn/a
Product-online_fire_reporting_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32022
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-11.79% / 93.80%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 15:58
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?action=login.

Action-Not Available
Vendor-car_rental_management_system_projectn/a
Product-car_rental_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-31980
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-8.05% / 92.22%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 18:11
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=.

Action-Not Available
Vendor-online_fire_reporting_system_projectn/a
Product-online_fire_reporting_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-31970
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 17:59
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/manage_response&id=.

Action-Not Available
Vendor-chatbot_app_with_suggestion_projectn/a
Product-chatbot_app_with_suggestionn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32351
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 15:31
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_message.

Action-Not Available
Vendor-hospital\'s_patient_records_management_system_projectn/a
Product-hospital\'s_patient_records_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32346
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 15:46
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/view_room.php?id=.

Action-Not Available
Vendor-hospital\'s_patient_records_management_system_projectn/a
Product-hospital\'s_patient_records_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32347
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 15:44
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room.

Action-Not Available
Vendor-hospital\'s_patient_records_management_system_projectn/a
Product-hospital\'s_patient_records_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32395
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.14%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 01:05
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/manage_crime.php:4

Action-Not Available
Vendor-n/aoretnom23
Product-prison_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32342
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 15:56
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/room_types/view_room_type.php?id=.

Action-Not Available
Vendor-hospital\'s_patient_records_management_system_projectn/a
Product-hospital\'s_patient_records_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32004
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 14:40
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/manage_product.php?id=.

Action-Not Available
Vendor-badminton_center_management_system_projectn/a
Product-badminton_center_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32343
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 15:54
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via hprms/admin/room_types/manage_room_type.php?id=.

Action-Not Available
Vendor-hospital\'s_patient_records_management_system_projectn/a
Product-hospital\'s_patient_records_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32016
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 15:24
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bycompany.

Action-Not Available
Vendor-complete_online_job_search_system_projectn/a
Product-complete_online_job_search_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32345
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 15:52
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/manage_room.php?id=.

Action-Not Available
Vendor-hospital\'s_patient_records_management_system_projectn/a
Product-hospital\'s_patient_records_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32354
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 20:24
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=user/manage_user&id=.

Action-Not Available
Vendor-product_show_room_site_projectn/a
Product-product_show_room_siten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-31994
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 15:04
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=sales/view_details&id.

Action-Not Available
Vendor-badminton_center_management_system_projectn/a
Product-badminton_center_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32340
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 15:59
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=patients/view_patient&id=.

Action-Not Available
Vendor-hospital\'s_patient_records_management_system_projectn/a
Product-hospital\'s_patient_records_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32380
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 18:38
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_student_subject.php?index=.

Action-Not Available
Vendor-advanced_school_management_system_projectn/a
Product-advanced_school_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32366
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 17:21
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/view_field.php?id=.

Action-Not Available
Vendor-product_show_room_site_projectn/a
Product-product_show_room_siten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32397
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.14%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 01:07
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/view_visit.php:4

Action-Not Available
Vendor-n/aoretnom23
Product-prison_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32373
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 19:52
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam.php?id=.

Action-Not Available
Vendor-advanced_school_management_system_projectn/a
Product-advanced_school_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32364
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 17:23
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/manage_product&id=.

Action-Not Available
Vendor-product_show_room_site_projectn/a
Product-product_show_room_siten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32353
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 20:26
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_field_order.php?id=.

Action-Not Available
Vendor-product_show_room_site_projectn/a
Product-product_show_room_siten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32378
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 18:40
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher_profile.php?my_index=.

Action-Not Available
Vendor-advanced_school_management_system_projectn/a
Product-advanced_school_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-31325
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.36% / 58.22%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 15:52
Updated-03 Aug, 2024 | 07:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.

Action-Not Available
Vendor-churchcrmn/a
Product-churchcrmn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-30823
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 17:32
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\blog_events_edit.php.

Action-Not Available
Vendor-wedding_management_system_projectn/a
Product-wedding_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3793
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 2.26%
||
7 Day CHG~0.00%
Published-09 Mar, 2026 | 01:32
Updated-10 Mar, 2026 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Sales and Inventory System GET Parameter sales_invoice1.php sql injection

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file sales_invoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-ahsanriaz26gmailcomSourceCodester
Product-sales_and_inventory_systemSales and Inventory System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-4777
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 9.10%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 21:42
Updated-08 Apr, 2026 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Sales and Inventory System POST Parameter view_supplier.php sql injection

A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view_supplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-ahsanriaz26gmailcomSourceCodester
Product-sales_and_inventory_systemSales and Inventory System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3420
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.55%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 11:00
Updated-17 Jan, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware saveedit.php sql injection

A vulnerability was found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/saveedit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259592.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-31101
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-53.87% / 98.04%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 22:15
Updated-22 Apr, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection in prestashop/blockwishlist

prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-PrestaShop S.A
Product-blockwishlistblockwishlist
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3423
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 26.48%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 14:31
Updated-31 Jan, 2025 | 01:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware activateteach.php sql injection

A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259595.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Coursewareonline_courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-30825
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 17:30
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\client_edit.php.

Action-Not Available
Vendor-wedding_management_system_projectn/a
Product-wedding_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3755
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.33%
||
7 Day CHG~0.00%
Published-08 Mar, 2026 | 17:32
Updated-11 Mar, 2026 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Sales and Inventory System POST check_customer_details.php sql injection

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /check_customer_details.php of the component POST Handler. Executing a manipulation of the argument stock_name1 can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-ahsanriaz26gmailcomSourceCodester
Product-sales_and_inventory_systemSales and Inventory System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32839
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.2||HIGH
EPSS-8.97% / 92.71%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 01:54
Updated-19 Nov, 2024 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Action-Not Available
Vendor-Ivanti Software
Product-EPMepm
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-30829
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 17:24
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\users_edit.php.

Action-Not Available
Vendor-wedding_management_system_projectn/a
Product-wedding_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-30826
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 17:28
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wedding Management System v1.0 is vulnerable to SQL Injection via admin\client_assign.php.

Action-Not Available
Vendor-wedding_management_system_projectn/a
Product-wedding_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2604
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.26%
||
7 Day CHG~0.00%
Published-21 Mar, 2025 | 20:31
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Kortex Lite Advocate Office Management System edit_act.php sql injection

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. Affected is an unknown function of the file edit_act.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-advocate_office_management_systemKortex Lite Advocate Office Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-30830
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.91%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 17:23
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\feature_edit.php.

Action-Not Available
Vendor-wedding_management_system_projectn/a
Product-wedding_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 71
  • 72
  • Next
Details not found