Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-12307

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-27 Oct, 2025 | 19:02
Updated At-27 Oct, 2025 | 20:37
Rejected At-
Credits

code-projects Nero Social Networking Site addfriend.php sql injection

A vulnerability was identified in code-projects Nero Social Networking Site 1.0. Affected by this vulnerability is an unknown functionality of the file /addfriend.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:27 Oct, 2025 | 19:02
Updated At:27 Oct, 2025 | 20:37
Rejected At:
▼CVE Numbering Authority (CNA)
code-projects Nero Social Networking Site addfriend.php sql injection

A vulnerability was identified in code-projects Nero Social Networking Site 1.0. Affected by this vulnerability is an unknown functionality of the file /addfriend.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.

Affected Products
Vendor
Source Code & Projectscode-projects
Product
Nero Social Networking Site
Versions
Affected
  • 1.0
Problem Types
TypeCWE IDDescription
CWECWE-89SQL Injection
CWECWE-74Injection
Type: CWE
CWE ID: CWE-89
Description: SQL Injection
Type: CWE
CWE ID: CWE-74
Description: Injection
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3.07.3HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2.07.5N/A
AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Version: 3.0
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Version: 2.0
Base score: 7.5
Base severity: N/A
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
ArcueidBrunestud (VulDB User)
Timeline
EventDate
Advisory disclosed2025-10-26 00:00:00
VulDB entry created2025-10-26 02:00:00
VulDB entry last update2025-10-26 18:18:10
Event: Advisory disclosed
Date: 2025-10-26 00:00:00
Event: VulDB entry created
Date: 2025-10-26 02:00:00
Event: VulDB entry last update
Date: 2025-10-26 18:18:10
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.329979
vdb-entry
technical-description
https://vuldb.com/?ctiid.329979
signature
permissions-required
https://vuldb.com/?submit.676808
third-party-advisory
https://github.com/yuan466/CVE/blob/main/two/report.md
exploit
https://code-projects.org/
product
Hyperlink: https://vuldb.com/?id.329979
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.329979
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.676808
Resource:
third-party-advisory
Hyperlink: https://github.com/yuan466/CVE/blob/main/two/report.md
Resource:
exploit
Hyperlink: https://code-projects.org/
Resource:
product
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:27 Oct, 2025 | 19:16
Updated At:03 Nov, 2025 | 16:54

A vulnerability was identified in code-projects Nero Social Networking Site 1.0. Affected by this vulnerability is an unknown functionality of the file /addfriend.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Fabian Ros
fabian
>>nero_social_networking_site>>1.0
cpe:2.3:a:fabian:nero_social_networking_site:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-74Primarycna@vuldb.com
CWE-89Primarycna@vuldb.com
CWE-89Primarynvd@nist.gov
CWE ID: CWE-74
Type: Primary
Source: cna@vuldb.com
CWE ID: CWE-89
Type: Primary
Source: cna@vuldb.com
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://code-projects.org/cna@vuldb.com
Product
https://github.com/yuan466/CVE/blob/main/two/report.mdcna@vuldb.com
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.329979cna@vuldb.com
Permissions Required
VDB Entry
https://vuldb.com/?id.329979cna@vuldb.com
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.676808cna@vuldb.com
Third Party Advisory
VDB Entry
Hyperlink: https://code-projects.org/
Source: cna@vuldb.com
Resource:
Product
Hyperlink: https://github.com/yuan466/CVE/blob/main/two/report.md
Source: cna@vuldb.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://vuldb.com/?ctiid.329979
Source: cna@vuldb.com
Resource:
Permissions Required
VDB Entry
Hyperlink: https://vuldb.com/?id.329979
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.676808
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

11016Records found
CVE-2018-17842
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.62% / 69.87%
||
7 Day CHG+0.32%
Published-19 Jun, 2019 | 16:05
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter.

Action-Not Available
Vendor-scriptzeen/a
Product-hotel_booking_enginen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43917
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-89.48% / 99.55%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 14:46
Updated-19 Sep, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TI WooCommerce Wishlist plugin <= 2.8.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2.

Action-Not Available
Vendor-templateinvadersTemplateInvaderstemplateinvaders
Product-ti_woocommerce_wishlistTI WooCommerce Wishlistti_woocommerce_wishlist
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-44839
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.99%
||
7 Day CHG~0.00%
Published-06 Sep, 2024 | 00:00
Updated-22 Apr, 2025 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php.

Action-Not Available
Vendor-openrapidn/aopenrapid
Product-rapidcmsn/arapidcms
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-44546
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 26.36%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 00:00
Updated-27 Jun, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter.

Action-Not Available
Vendor-powerjobn/apowerjob
Product-powerjobn/apowerjob
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-44659
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 15.17%
||
7 Day CHG~0.00%
Published-17 Nov, 2025 | 00:00
Updated-18 Nov, 2025 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forgot-password.php.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-online_shopping_portaln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43965
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.2||HIGH
EPSS-20.87% / 95.54%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 15:23
Updated-06 Sep, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SendGrid for WordPress plugin <= 1.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.This issue affects SendGrid for WordPress: from n/a through 1.4.

Action-Not Available
Vendor-smackcodersSmackcoderssmackcoders
Product-sendgridSendGrid for WordPresssendgrid
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-4466
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 20.30%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 11:44
Updated-01 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection vulnerability in Gescen

SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all the data stored in the database.

Action-Not Available
Vendor-Centros Digitalescentros_digitales
Product-Gescengescen
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-37350
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-40.96% / 97.32%
||
7 Day CHG~0.00%
Published-13 Aug, 2021 | 11:30
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation.

Action-Not Available
Vendor-n/aNagios Enterprises, LLC
Product-nagios_xin/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43978
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.68% / 71.21%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 22:29
Updated-24 Sep, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Super Store Finder plugin < 6.9.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a before 6.9.8.

Action-Not Available
Vendor-Super Store Finder
Product-super_store_finderSuper Store Findersuper_store_finder
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43976
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.52% / 66.66%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 22:31
Updated-24 Sep, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Super Store Finder plugin <= 6.9.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a through 6.9.7.

Action-Not Available
Vendor-Super Store Finder
Product-super_store_finderSuper Store Findersuper_store_finder
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-44921
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 68.69%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 00:00
Updated-04 Sep, 2024 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.

Action-Not Available
Vendor-seacmsn/aseacms
Product-seacmsn/aseacms
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-44812
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-14.65% / 94.38%
||
7 Day CHG~0.00%
Published-22 Oct, 2024 | 00:00
Updated-25 Oct, 2024 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component.

Action-Not Available
Vendor-n/ajanobeSourceCodester
Product-online_complaint_siten/aonline_complaint_site
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-17382
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.64% / 85.53%
||
7 Day CHG~0.00%
Published-28 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! via the filter_letter parameter.

Action-Not Available
Vendor-thephpfactoryn/a
Product-jobs_factoryn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-18787
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.69%
||
7 Day CHG~0.00%
Published-29 Oct, 2018 | 05:00
Updated-05 Aug, 2024 | 11:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.

Action-Not Available
Vendor-zzcmsn/a
Product-zzcmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-17393
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.69% / 71.68%
||
7 Day CHG+0.39%
Published-19 Jun, 2019 | 16:46
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php.

Action-Not Available
Vendor-healthnode_hospital_management_system_projectn/a
Product-healthnode_hospital_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-44349
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-76.20% / 98.91%
||
7 Day CHG+4.05%
Published-08 Oct, 2024 | 00:00
Updated-10 Oct, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB.

Action-Not Available
Vendor-n/aanteeowms
Product-n/aanteeowms
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-17428
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.49% / 80.83%
||
7 Day CHG~0.00%
Published-03 Oct, 2018 | 20:00
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter.

Action-Not Available
Vendor-nexusfin/a
Product-opac_easyweb_fiven/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43782
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.63% / 70.09%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 14:35
Updated-12 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
openedx-translations's Atlas translations for Open edX missing validation

This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repository via openedx-atlas, translations in the edx-platform repository were validated using edx-i18n-tools. This validation included protection against malformed translations and translations-based script injections. Prior to this patch, the validation implemented in the openedx-translations repository did not include the same protections. The maintainer inspected the translations in the edx-platform directory of both the main and open-release/redwood.master branches of the openedx-translations repository and found no evidence of exploited translation strings.

Action-Not Available
Vendor-openedxopenedxopenedx
Product-openedxopenedx-translationsopenedx-translations
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-4434
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-77.09% / 98.95%
||
7 Day CHG~0.00%
Published-10 May, 2024 | 08:32
Updated-15 Jan, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Action-Not Available
Vendor-ThimPress (PhysCode)
Product-LearnPress – WordPress LMS Pluginlearnpress
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-16353
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.69%
||
7 Day CHG~0.00%
Published-02 Sep, 2018 | 22:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter.

Action-Not Available
Vendor-fhcrm_projectn/a
Product-fhcrmn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-44430
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.25%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 00:00
Updated-19 Sep, 2024 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface

Action-Not Available
Vendor-n/amayuri_k
Product-best_free_law_office_managementn/abest_free_law_office_management_software
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43772
Matching Score-4
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Matching Score-4
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-9.3||CRITICAL
EPSS-0.46% / 63.68%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 04:01
Updated-04 Sep, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Huachu Easytest Online Learning Test Platform - SQL Injection

SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter.

Action-Not Available
Vendor-easytestHuachu Digital Technology Ltd.huaju
Product-easytest_online_test_platformEasytest Online Test Platformeasytest_online_learning_test_platform
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-44541
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.90% / 86.18%
||
7 Day CHG~0.00%
Published-11 Sep, 2024 | 00:00
Updated-12 Sep, 2024 | 12:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin."

Action-Not Available
Vendor-n/aevilnapsis
Product-n/ainventio-lite
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-17232
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 63.14%
||
7 Day CHG~0.00%
Published-20 Sep, 2018 | 06:00
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in archivebot.py in docmarionum1 Slack ArchiveBot (aka slack-archive-bot) before 2018-09-19 allows remote attackers to execute arbitrary SQL commands via the text parameter to cursor.execute().

Action-Not Available
Vendor-slack_archivebot_projectn/a
Product-slack_archivebotn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-17410
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 47.94%
||
7 Day CHG~0.00%
Published-26 Sep, 2018 | 21:00
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI.

Action-Not Available
Vendor-horus_cms_projectn/a
Product-horus_cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-5344
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.73% / 89.26%
||
7 Day CHG-3.42%
Published-17 Feb, 2017 | 07:45
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /categoriesServlet path. Overcoming these controls permits a number of blind boolean SQL injection vectors in either parameter. The /categoriesServlet web path can be accessed remotely and without authentication in a default dotCMS deployment.

Action-Not Available
Vendor-n/adotCMS, LLC
Product-dotcmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-8997
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.28%
||
7 Day CHG~0.00%
Published-18 Mar, 2025 | 13:46
Updated-27 Jun, 2025 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQLi in Vestel's EVC04 Configuration Interface

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection.This issue affects EVC04 Configuration Interface: before V3.187, V4.53.

Action-Not Available
Vendor-vestelVestel
Product-evc04_configuration_interfaceEVC04 Configuration Interface
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-17381
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.69% / 71.68%
||
7 Day CHG+0.39%
Published-19 Jun, 2019 | 17:17
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter.

Action-Not Available
Vendor-thephpfactoryn/a
Product-dutch_auction_factoryn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43699
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.52% / 66.40%
||
7 Day CHG~0.00%
Published-03 Oct, 2024 | 22:28
Updated-08 Oct, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics DIAEnergie SQL Injection

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-diaenergieDIAEnergiediaenergie
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-42783
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 37.35%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 00:00
Updated-06 Sep, 2024 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. An attacker can execute arbitrary SQL commands via the "pid" parameter.

Action-Not Available
Vendor-lopalopan/aKashipara Group
Product-music_management_systemn/amusic_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-16492
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-1.32% / 79.71%
||
7 Day CHG-1.20%
Published-01 Feb, 2019 | 18:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.

Action-Not Available
Vendor-extend_projectHackerOne
Product-extendextend
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2026-2115
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.79%
||
7 Day CHG~0.00%
Published-07 Feb, 2026 | 22:32
Updated-23 Feb, 2026 | 09:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Society Management System delete_expenses.php sql injection

A flaw has been found in itsourcecode Society Management System 1.0. This issue affects some unknown processing of the file /admin/delete_expenses.php. This manipulation of the argument expenses_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-Angel Jude Reyes SuarezITSourceCode
Product-society_management_systemSociety Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-16278
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.80% / 82.61%
||
7 Day CHG~0.00%
Published-31 Aug, 2018 | 16:00
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajax_save_draft function with the dir parameter.

Action-Not Available
Vendor-phpkaiyuancmsn/a
Product-phpopensourcecmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-16822
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 61.62%
||
7 Day CHG~0.00%
Published-21 Sep, 2018 | 17:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.

Action-Not Available
Vendor-seacmsn/a
Product-seacmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-16385
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 67.56%
||
7 Day CHG~0.00%
Published-03 Sep, 2018 | 02:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string.

Action-Not Available
Vendor-thinkphpn/a
Product-thinkphpn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-21410
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.51% / 65.77%
||
7 Day CHG+0.34%
Published-24 Feb, 2026 | 20:53
Updated-27 Feb, 2026 | 03:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InSAT MasterSCADA BUK-TS SQL Injection

InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution.

Action-Not Available
Vendor-insatInSAT
Product-masterscadaMasterSCADA BUK-TS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-42533
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.20% / 78.78%
||
7 Day CHG~0.00%
Published-25 Mar, 2025 | 00:00
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the authentication module in Convivance StandVoice 4.5 through 6.2 allows remote attackers to execute arbitrary code via the GEST_LOGIN parameter.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-42562
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 48.63%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-05 Jun, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at preview.php.

Action-Not Available
Vendor-krishna9772n/akrishna9772
Product-pharmacy_management_systemn/apharmacy_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-17397
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.64% / 85.53%
||
7 Day CHG~0.00%
Published-28 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter.

Action-Not Available
Vendor-multiplanetn/a
Product-alphaindex_dictionariesn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43144
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.80% / 73.81%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 14:45
Updated-19 Sep, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cost Calculator Builder plugin <= 3.2.15 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15.

Action-Not Available
Vendor-stylemixthemesStylemixThemesstylemixthemes
Product-cost_calculator_builderCost Calculator Buildercost_calculator_builder
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-42575
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 48.63%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-21 Aug, 2024 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php.

Action-Not Available
Vendor-arajajyothibabun/aarajajyothibabu
Product-school_management_systemn/aschool_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-1154
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-9.1||CRITICAL
EPSS-0.88% / 75.12%
||
7 Day CHG~0.00%
Published-19 Feb, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-cuoren/a
Product-ec-cube_help_pluginn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-42765
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 10.88%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 00:00
Updated-06 May, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters.

Action-Not Available
Vendor-kjayvikn/aKashipara Group
Product-bus_ticket_reservation_systemn/abus_ticket_reservation_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-17385
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.64% / 85.53%
||
7 Day CHG~0.00%
Published-28 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter.

Action-Not Available
Vendor-thephpfactoryn/a
Product-social_factoryn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-42571
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.09%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-05 Jun, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php.

Action-Not Available
Vendor-arajajyothibabun/aschool_management_system_project
Product-school_management_systemn/aschool_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-16357
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 70.36%
||
7 Day CHG~0.00%
Published-02 Mar, 2020 | 19:28
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.

Action-Not Available
Vendor-pbootcmsn/a
Product-pbootcmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-17399
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 53.67%
||
7 Day CHG-0.00%
Published-19 Jun, 2019 | 16:41
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter.

Action-Not Available
Vendor-jimtawl_projectn/a
Product-jimtawln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-17377
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.64% / 85.53%
||
7 Day CHG~0.00%
Published-28 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter.

Action-Not Available
Vendor-extensiondevelopern/a
Product-questionsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-17388
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.69% / 71.68%
||
7 Day CHG+0.39%
Published-19 Jun, 2019 | 17:00
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php, or the id parameter to add_email.php or edit_content.php.

Action-Not Available
Vendor-ranksoln/a
Product-twilio_web_to_fax_machine_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-16809
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.71% / 71.99%
||
7 Day CHG~0.00%
Published-07 Mar, 2019 | 22:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.

Action-Not Available
Vendor-n/aDolibarr ERP & CRM
Product-dolibarrn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • ...
  • 29
  • 30
  • 31
  • ...
  • 220
  • 221
  • Next
Details not found