Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-5596

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-05 Apr, 2026 | 20:45
Updated At-06 Apr, 2026 | 18:09
Rejected At-
Credits

griptape-ai griptape SqlTool tool.py sql injection

A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this issue is some unknown functionality of the file griptape/tools/sql/tool.py of the component SqlTool. Performing a manipulation results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:05 Apr, 2026 | 20:45
Updated At:06 Apr, 2026 | 18:09
Rejected At:
â–¼CVE Numbering Authority (CNA)
griptape-ai griptape SqlTool tool.py sql injection

A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this issue is some unknown functionality of the file griptape/tools/sql/tool.py of the component SqlTool. Performing a manipulation results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Products
Vendor
griptape-ai
Product
griptape
Modules
  • SqlTool
Versions
Affected
  • 0.19.4
Problem Types
TypeCWE IDDescription
CWECWE-89SQL Injection
CWECWE-74Injection
Type: CWE
CWE ID: CWE-89
Description: SQL Injection
Type: CWE
CWE ID: CWE-74
Description: Injection
Metrics
VersionBase scoreBase severityVector
4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3.06.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2.06.5N/A
AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Version: 3.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Version: 2.0
Base score: 6.5
Base severity: N/A
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
Goku (VulDB User)
coordinator
VulDB CNA Team
Timeline
EventDate
Advisory disclosed2026-04-05 00:00:00
VulDB entry created2026-04-05 02:00:00
VulDB entry last update2026-04-05 07:22:11
Event: Advisory disclosed
Date: 2026-04-05 00:00:00
Event: VulDB entry created
Date: 2026-04-05 02:00:00
Event: VulDB entry last update
Date: 2026-04-05 07:22:11
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/vuln/355390
vdb-entry
https://vuldb.com/vuln/355390/cti
signature
permissions-required
https://vuldb.com/submit/784464
third-party-advisory
https://github.com/Ka7arotto/cve/blob/main/griptape/text2sqlTool/issue.md
exploit
Hyperlink: https://vuldb.com/vuln/355390
Resource:
vdb-entry
Hyperlink: https://vuldb.com/vuln/355390/cti
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/submit/784464
Resource:
third-party-advisory
Hyperlink: https://github.com/Ka7arotto/cve/blob/main/griptape/text2sqlTool/issue.md
Resource:
exploit
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:05 Apr, 2026 | 21:16
Updated At:27 Apr, 2026 | 19:04

A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this issue is some unknown functionality of the file griptape/tools/sql/tool.py of the component SqlTool. Performing a manipulation results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Secondary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Secondary
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-74Primarycna@vuldb.com
CWE-89Primarycna@vuldb.com
CWE ID: CWE-74
Type: Primary
Source: cna@vuldb.com
CWE ID: CWE-89
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/Ka7arotto/cve/blob/main/griptape/text2sqlTool/issue.mdcna@vuldb.com
N/A
https://vuldb.com/submit/784464cna@vuldb.com
N/A
https://vuldb.com/vuln/355390cna@vuldb.com
N/A
https://vuldb.com/vuln/355390/cticna@vuldb.com
N/A
Hyperlink: https://github.com/Ka7arotto/cve/blob/main/griptape/text2sqlTool/issue.md
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/submit/784464
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/vuln/355390
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/vuln/355390/cti
Source: cna@vuldb.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4066Records found
CVE-2024-2770
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 21.83%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 22:31
Updated-21 Feb, 2025 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Complete Online Beauty Parlor Management System contact-us.php sql injection

A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/contact-us.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257606 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-complete_online_beauty_parlor_management_system_projectCampCodes
Product-complete_online_beauty_parlor_management_systemComplete Online Beauty Parlor Management Systemcomplete_online_beauty_parlor_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2766
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 26.38%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 21:00
Updated-21 Feb, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Complete Online Beauty Parlor Management System index.php sql injection

A vulnerability has been found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257602 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-CampCodes
Product-complete_online_beauty_parlor_management_systemComplete Online Beauty Parlor Management Systemcomplete_online_beauty_parlor_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3458
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.50%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 18:00
Updated-06 Feb, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway add_ikev2.php sql injection

A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /admin/add_ikev2.php. The manipulation of the argument TunnelId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259714 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-netentsecNetentsec
Product-application_security_gatewayNS-ASG Application Security Gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2620
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.17% / 38.12%
||
7 Day CHG~0.00%
Published-19 Mar, 2024 | 01:00
Updated-12 Aug, 2024 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fujian Kelixin Communication Command and Dispatch Platform down_file.php sql injection

A vulnerability has been found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this vulnerability is an unknown functionality of the file api/client/down_file.php. The manipulation of the argument uuid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257197 was assigned to this vulnerability.

Action-Not Available
Vendor-Fujian Kelixin Communicationfujiankelixun
Product-Command and Dispatch Platformcommand_and_dispatch_platform
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3425
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 18.18%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 16:00
Updated-17 Jan, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware activateall.php sql injection

A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation of the argument selector leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259597 was assigned to this vulnerability.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Coursewareonline_courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2769
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 37.33%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 22:00
Updated-30 Sep, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Complete Online Beauty Parlor Management System admin-profile.php sql injection

A vulnerability was detected in Campcodes Complete Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument adminname/email results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-CampCodes
Product-complete_online_beauty_parlor_management_systemComplete Online Beauty Parlor Management Systemcomplete_online_beauty_parlor_management_system
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2777
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.75%
||
7 Day CHG+0.07%
Published-22 Mar, 2024 | 00:00
Updated-30 Sep, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes/PHPGurukul Online Marriage Registration System application-bwdates-reports-details.php sql injection

A vulnerability has been found in Campcodes/PHPGurukul Online Marriage Registration System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLPCampCodes
Product-online_marriage_registration_systemOnline Marriage Registration Systemonline_marriage_registration_system
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3457
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.50%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 17:31
Updated-06 Feb, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway config_ISCGroupNoCache.php sql injection

A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/config_ISCGroupNoCache.php. The manipulation of the argument GroupId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259713 was assigned to this vulnerability.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayns-asg_application_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3422
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.13% / 33.01%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 13:31
Updated-17 Jan, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware activatestud.php sql injection

A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259594 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Coursewareonline_courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2768
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 21.83%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 21:31
Updated-21 Feb, 2025 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Complete Online Beauty Parlor Management System edit-services.php sql injection

A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-services.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257604.

Action-Not Available
Vendor-complete_online_beauty_parlor_management_system_projectCampCodes
Product-complete_online_beauty_parlor_management_systemComplete Online Beauty Parlor Management Systemcomplete_online_beauty_parlor_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2774
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 26.38%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 23:00
Updated-21 Feb, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Marriage Registration System search.php sql injection

A vulnerability classified as critical was found in Campcodes Online Marriage Registration System 1.0. This vulnerability affects unknown code of the file /user/search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257608.

Action-Not Available
Vendor-CampCodes
Product-online_marriage_registration_systemOnline Marriage Registration Systemonline_marriage_registration_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2776
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 21.83%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 23:31
Updated-21 Feb, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Marriage Registration System search.php sql injection

A vulnerability, which was classified as critical, was found in Campcodes Online Marriage Registration System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257610 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-CampCodes
Product-online_marriage_registration_systemOnline Marriage Registration Systemonline_marriage_registration_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2714
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 14.37%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 19:31
Updated-21 Feb, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Complete Online DJ Booking System booking-bwdates-reports-details.php sql injection

A vulnerability has been found in Campcodes Complete Online DJ Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257467.

Action-Not Available
Vendor-CampCodes
Product-complete_online_dj_booking_systemComplete Online DJ Booking Systemcomplete_online_dj_booking_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2644
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 17.29%
||
7 Day CHG~0.00%
Published-19 Mar, 2024 | 22:00
Updated-07 Feb, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway addfirewall.php sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/addfirewall.php. The manipulation of the argument FireWallTableArray leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257282 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayapplication_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2678
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 14.37%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 07:00
Updated-21 Feb, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Job Finder System controller.php sql injection

A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/applicants/controller.php. The manipulation of the argument JOBREGID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257378 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-CampCodes
Product-online_job_finder_systemOnline Job Finder Systemonline_job_finder_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2677
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 14.37%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 06:31
Updated-10 Apr, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Job Finder System controller.php sql injection

A vulnerability has been found in Campcodes Online Job Finder System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/category/controller.php. The manipulation of the argument CATEGORYID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257377 was assigned to this vulnerability.

Action-Not Available
Vendor-CampCodes
Product-online_job_finder_systemOnline Job Finder Systemonline_job_finder_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-21465
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-9.9||CRITICAL
EPSS-1.43% / 81.00%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 14:40
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system.

Action-Not Available
Vendor-SAP SE
Product-business_warehouseSAP Business Warehouse
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-5766
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 53.80%
||
7 Day CHG~0.00%
Published-03 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via vectors involving the RNVisibility page and unspecified screens, a different vulnerability than CVE-2013-0560.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_b2b_integratorsterling_file_gatewayn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-5327
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 58.53%
||
7 Day CHG~0.00%
Published-08 Oct, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action.

Action-Not Available
Vendor-cartpaujn/aWordPress.org
Product-wordpressmingle-forumn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-19435
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.90%
||
7 Day CHG-0.01%
Published-22 Nov, 2018 | 05:00
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.

Action-Not Available
Vendor-weberpn/a
Product-weberpn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-5328
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 53.00%
||
7 Day CHG~0.00%
Published-08 Oct, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php.

Action-Not Available
Vendor-cartpaujn/aWordPress.org
Product-wordpressmingle-forumn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2712
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 26.38%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 18:31
Updated-21 Feb, 2025 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Complete Online DJ Booking System user-search.php sql injection

A vulnerability, which was classified as critical, has been found in Campcodes Complete Online DJ Booking System 1.0. This issue affects some unknown processing of the file /admin/user-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257465 was assigned to this vulnerability.

Action-Not Available
Vendor-CampCodes
Product-complete_online_dj_booking_systemComplete Online DJ Booking System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2687
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 14.37%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 09:31
Updated-10 Apr, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Job Finder System index.php sql injection

A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/applicants/index.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257387.

Action-Not Available
Vendor-CampCodes
Product-online_job_finder_systemOnline Job Finder Systemonline_job_finder_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2674
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 14.37%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 05:31
Updated-21 Feb, 2025 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Job Finder System index.php sql injection

A vulnerability classified as critical was found in Campcodes Online Job Finder System 1.0. This vulnerability affects unknown code of the file /admin/employee/index.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257374 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-CampCodes
Product-online_job_finder_systemOnline Job Finder Systemonline_job_finder_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2672
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.17%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 04:31
Updated-21 Feb, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Job Finder System controller.php sql injection

A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/user/controller.php. The manipulation of the argument UESRID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257372.

Action-Not Available
Vendor-CampCodes
Product-online_job_finder_systemOnline Job Finder Systemonline_job_finder_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-5403
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.24%
||
7 Day CHG~0.00%
Published-01 Jun, 2025 | 16:00
Updated-10 Nov, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
chaitak-gorai Blogbook GET Parameter view_all_posts.php sql injection

A vulnerability classified as critical has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This affects an unknown part of the file /admin/view_all_posts.php of the component GET Parameter Handler. The manipulation of the argument post_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-chaitak-goraichaitak-gorai
Product-blogbookBlogbook
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2646
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 17.29%
||
7 Day CHG~0.00%
Published-19 Mar, 2024 | 22:31
Updated-30 Jan, 2025 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway sql injection

A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /vpnweb/index.php?para=index. The manipulation of the argument check_VirtualSiteId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257284. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayapplication_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2671
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 14.37%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 04:00
Updated-21 Feb, 2025 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Job Finder System index.php sql injection

A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user/index.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257371.

Action-Not Available
Vendor-online_job_finder_system_projectCampCodes
Product-online_job_finder_systemOnline Job Finder Systemonline_job_finder_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2670
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 14.37%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 04:00
Updated-21 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Job Finder System index.php sql injection

A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/vacancy/index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257370 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-CampCodes
Product-online_job_finder_systemOnline Job Finder Systemonline_job_finder_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2673
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 17.03%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 05:00
Updated-21 Feb, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Job Finder System login.php sql injection

A vulnerability classified as critical has been found in Campcodes Online Job Finder System 1.0. This affects an unknown part of the file /admin/login.php. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257373 was assigned to this vulnerability.

Action-Not Available
Vendor-CampCodes
Product-online_job_finder_systemOnline Job Finder Systemonline_job_finder_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3416
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.19% / 40.56%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 03:31
Updated-17 Jan, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware editt.php sql injection

A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. This vulnerability affects unknown code of the file admin/editt.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259588.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Coursewareonline_courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2649
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 17.29%
||
7 Day CHG~0.00%
Published-19 Mar, 2024 | 23:31
Updated-10 Apr, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway deleteonlineuser.php sql injection

A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /protocol/iscdevicestatus/deleteonlineuser.php. The manipulation of the argument messagecontent leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257287. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayapplication_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2669
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 14.37%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 02:00
Updated-21 Feb, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Job Finder System GET Parameter controller.php sql injection

A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/employee/controller.php of the component GET Parameter Handler. The manipulation of the argument EMPLOYEEID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257369 was assigned to this vulnerability.

Action-Not Available
Vendor-online_job_finder_system_projectCampCodes
Product-online_job_finder_systemOnline Job Finder Systemonline_job_finder_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2676
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 18.27%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 06:00
Updated-21 Feb, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Job Finder System controller.php sql injection

A vulnerability, which was classified as critical, was found in Campcodes Online Job Finder System 1.0. Affected is an unknown function of the file /admin/company/controller.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257376.

Action-Not Available
Vendor-CampCodes
Product-online_job_finder_systemOnline Job Finder Systemonline_job_finder_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2668
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 14.37%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 02:00
Updated-21 Feb, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Job Finder System controller.php sql injection

A vulnerability has been found in Campcodes Online Job Finder System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/vacancy/controller.php. The manipulation of the argument id/CATEGORY leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257368.

Action-Not Available
Vendor-CampCodes
Product-online_job_finder_systemOnline Job Finder Systemonline_job_finder_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33722
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 13.86%
||
7 Day CHG+0.01%
Published-08 May, 2026 | 00:00
Updated-08 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut[].

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-2111
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.69% / 82.59%
||
7 Day CHG~0.00%
Published-18 Apr, 2007 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for multiple vulnerabilities.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3424
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 29.52%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 15:31
Updated-17 Jan, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware listscore.php sql injection

A vulnerability classified as critical has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/listscore.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259596.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Coursewareonline_courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2675
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 14.37%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 06:00
Updated-21 Feb, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Job Finder System index.php sql injection

A vulnerability, which was classified as critical, has been found in Campcodes Online Job Finder System 1.0. This issue affects some unknown processing of the file /admin/company/index.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257375.

Action-Not Available
Vendor-CampCodes
Product-online_job_finder_systemOnline Job Finder Systemonline_job_finder_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2713
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 20.44%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 19:00
Updated-21 Feb, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Complete Online DJ Booking System booking-search.php sql injection

A vulnerability, which was classified as critical, was found in Campcodes Complete Online DJ Booking System 1.0. Affected is an unknown function of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257466 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-CampCodes
Product-complete_online_dj_booking_systemComplete Online DJ Booking Systemcomplete_online_dj_booking_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-9524
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.86%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 02:45
Updated-26 May, 2026 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
xianrendzw EasyReport REST Endpoint execute sql injection

A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522_Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-xianrendzw
Product-EasyReport
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3223
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 26.59%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 01:00
Updated-01 Aug, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester PHP Task Management System admin-manage-user.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester PHP Task Management System 1.0. Affected is an unknown function of the file admin-manage-user.php. The manipulation of the argument admin_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259068.

Action-Not Available
Vendor-SourceCodester
Product-PHP Task Management Systemphp_task_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3224
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 26.95%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 01:31
Updated-18 Feb, 2025 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester PHP Task Management System task-details.php sql injection

A vulnerability has been found in SourceCodester PHP Task Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file task-details.php. The manipulation of the argument task_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259069 was assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-php_task_management_systemPHP Task Management Systemphp_task_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-3993
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.99%
||
7 Day CHG~0.00%
Published-13 Jun, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table.

Action-Not Available
Vendor-actiann/a
Product-matrixn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3225
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 30.13%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 02:00
Updated-18 Feb, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester PHP Task Management System edit-task.php sql injection

A vulnerability was found in SourceCodester PHP Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259070 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-php_task_management_systemPHP Task Management Systemphp_task_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2517
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.48%
||
7 Day CHG~0.00%
Published-16 Mar, 2024 | 12:00
Updated-14 Feb, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MAGESH-K21 Online-College-Event-Hall-Reservation-System book_history.php sql injection

A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as critical. This vulnerability affects unknown code of the file book_history.php. The manipulation of the argument del_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256954 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-magesh-k21MAGESH-K21magesh-k21
Product-online-college-event-hall-reservation-systemOnline-College-Event-Hall-Reservation-Systemonline-college-event-hall-reservation-system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3222
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.13% / 32.14%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 00:00
Updated-01 Aug, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester PHP Task Management System admin-password-change.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester PHP Task Management System 1.0. This issue affects some unknown processing of the file admin-password-change.php. The manipulation of the argument admin_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259067.

Action-Not Available
Vendor-SourceCodester
Product-PHP Task Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-9451
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 9.52%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 10:45
Updated-26 May, 2026 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Employee Management System applyleaveprocess.php sql injection

A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

Action-Not Available
Vendor-Source Code & Projects
Product-Employee Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32231
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-2.64% / 86.01%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 00:00
Updated-10 Jul, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter.

Action-Not Available
Vendor-stashappn/a
Product-stashn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2556
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 22.16%
||
7 Day CHG~0.00%
Published-17 Mar, 2024 | 08:00
Updated-18 Feb, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee Task Management System attendance-info.php sql injection

A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file attendance-info.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257055.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-employee_task_management_systemEmployee Task Management Systememployee_task_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 81
  • 82
  • Next
Details not found