Medium
CVE-2025-1576
A vulnerability classified as critical was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax_state.php. T…
Tag: SQL Injection
All CVEs associated with "SQL Injection". Page 45/175 • 20882 CVEs.
Subscribe CVEs: RSS for “SQL Injection” · RSS (High+Critical only)
About “SQL Injection”
A curated feed of “SQL Injection”-related CVEs appears below. We currently track 20882 CVEs for this tag (all time). In the last 365 days, 4079 were published. Average CVSS is 7.7 (all time; 7.3 over 365d), and 76% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-20 - Improper Input Validation.
In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-02-23
2025-02-22
High
CVE-2024-13474
The LTL Freight Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 2.2.3 due to i…
2025-02-21
Medium
CVE-2020-19248
SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in a malicious user's ability to contaminate template content by searching for page contamination URLs,…
Low
CVE-2025-25878
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /del.php. The attack can use SQL injection to obtain sensitive data.
Low
CVE-2025-25877
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /admin.php. The attack can use SQL injection to obtain sensitive data.
High
CVE-2025-25876
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /delete.php. The attack can use SQL injection to obtain sensitive data.
Medium
CVE-2025-25875
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /message.php. The attack can use SQL injection to obtain sensitive data.
Medium
CVE-2024-55159
GFast between v2 to v3.2 was discovered to contain a SQL injection vulnerability via the SortName parameter at /system/loginLog/list.
Medium
CVE-2025-1544
A vulnerability, which was classified as critical, was found in dingfanzu CMS up to 20250210. Affected is an unknown function of the file /ajax/loadShopInfo.php. The manipulation of the argument shop…
Medium
CVE-2025-1537
A vulnerability was found in Harpia DiagSystem 12. It has been rated as critical. This issue affects some unknown processing of the file /diagsystem/PACS/atualatendimento_jpeg.php. The manipulation o…
High
CVE-2025-26794
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit config…
High
CVE-2025-1535
A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161. It has been classified as critical. This affects an unknown part of the file /wuser/admin.ticket.close.php. The manipul…
Medium
CVE-2024-13846
The Indeed Ultimate Learning Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘post_id’ parameter in all versions up to, and including, 3.9 due to insufficient escaping on t…
Medium
CVE-2024-13713
The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.3.1 due to insufficient escaping on the user suppl…
Medium
CVE-2024-12276
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in al…
High
CVE-2024-11260
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the active_status parameter in all versions up to, and including, 6.6.3…
Medium
CVE-2024-13235
The Pinpoint Booking System – #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'language' parameter in all versions up to, and including, 2.9.9.5.4 due to insuf…
2025-02-20
Critical
CVE-2025-27096
WeGIA is a Web Manager for Institutions with a focus on Portuguese language. A SQL Injection vulnerability was discovered in the WeGIA application, personalizacao_upload.php endpoint. This vulnerabil…
Medium
CVE-2024-54960
A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component.
Critical
CVE-2024-57401
SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function.
Medium
CVE-2025-0866
The Legoeso PDF Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘checkedVals’ parameter in all versions up to, and including, 1.2.2 due to insufficient escaping on the…
High
CVE-2024-13476
The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection via the 'engtz_wd_save_dropship' AJAX endpoint in all versions up to, and including, 2.3.11 due to ins…
2025-02-19
High
CVE-2025-1464
A vulnerability, which was classified as critical, has been found in Baiyi Cloud Asset Management System up to 20250204. This issue affects some unknown processing of the file /wuser/admin.house.coll…
High
CVE-2024-13534
The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 5.2.…
High
CVE-2024-13533
The Small Package Quotes – USPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.3.5 due to insufficient escaping on the…
High
CVE-2024-13491
The Small Package Quotes – For Customers of FedEx plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.1 d…
High
CVE-2024-13485
The LTL Freight Quotes – ABF Freight Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.7 due to…
High
CVE-2024-13483
The LTL Freight Quotes – SAIA Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 2.2.10 due to insuf…
High
CVE-2024-13481
The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.4 due t…
High
CVE-2024-13479
The LTL Freight Quotes – SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.2.4 due to insuff…
High
CVE-2024-13478
The LTL Freight Quotes – TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.6.4 due to insu…
High
CVE-2024-13489
The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.2.10 due…
High
CVE-2025-1135
A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the Ba…
High
CVE-2025-1134
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the Don…
High
CVE-2025-1133
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees…
High
CVE-2025-1132
A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior EditEventAttendees.php within the EN_tyid parameter. The parameter is directly inserted into an SQL query witho…
Medium
CVE-2024-13712
The Pollin plugin for WordPress is vulnerable to SQL Injection via the 'question' parameter in all versions up to, and including, 1.01.1 due to insufficient escaping on the user supplied parameter an…
Medium
CVE-2024-13676
The Categorized Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'field' attribute of the 'image_gallery' shortcode in all versions up to, and including, 2.0 due to insuffic…
2025-02-18
Critical
CVE-2025-26617
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `historico_paciente.php` endpoin…
High
CVE-2025-26614
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_documento.php` endpoint…
Critical
CVE-2025-26612
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `adicionar_almoxarife.php` endpo…
Critical
CVE-2025-26611
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `remover_produto.php` endpoint.…
Critical
CVE-2025-26610
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `restaurar_produto_desocultar.ph…
Critical
CVE-2025-26609
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `familiar_docfamiliar.php` endpo…
Critical
CVE-2025-26608
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `dependente_docdependente.php` e…
Critical
CVE-2025-26607
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `documento_excluir.php` endpoint…
Critical
CVE-2025-26606
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `informacao_adicional.php` endpo…
High
CVE-2025-26605
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_cargo.php` endpoint. Th…
High
CVE-2025-22639
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Techspawn Distance Rate Shipping for WooCommerce distance-rate-shipping-for-woocommerce-pro allow…
Critical
CVE-2024-55460
A time-based SQL injection vulnerability in the login page of BoardRoom Limited Dividend Distribution Tax Election System Version v2.0 allows attackers to execute arbitrary code via a crafted input.
Medium
CVE-2025-22207
Improperly built order clauses lead to a SQL injection vulnerability in the backend task list of com_scheduler.
Critical
CVE-2025-1023
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functi…
Medium
CVE-2024-13369
The Tour Master - Tour Booking, Travel, Hotel plugin for WordPress is vulnerable to time-based SQL Injection via the ‘review_id’ parameter in all versions up to, and including, 5.3.7 due to insuffici…
Medium
CVE-2024-13595
The Simple Signup Form plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'ssf' shortcode in all versions up to, and including, 1.6.5 due to insufficient escaping on th…
Critical
CVE-2025-25222
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information i…
Critical
CVE-2025-25221
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a d…
2025-02-17
Medium
CVE-2025-1381
A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax_city.php. The manipulation of…
Medium
CVE-2025-1380
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/del_plan.php. The manipul…
Medium
CVE-2025-1379
A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/Cu…
High
CVE-2024-13726
The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL…
Medium
CVE-2024-13608
The Track Logins WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
High
CVE-2025-1389
Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents.
Medium
CVE-2025-1374
A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /search.php. The manipulation of the argume…
2025-02-16
High
CVE-2025-26755
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jgwhite33 WP Airbnb Review Slider wp-airbnb-review-slider allows Blind SQL Injection.This issue a…
Critical
CVE-2025-22290
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition ltl-freight-quotes-freightquote-editi…
Medium
CVE-2025-1356
A vulnerability was found in needyamin Library Card System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file card.php. The manipulation of the argum…
2025-02-15
Medium
CVE-2024-13500
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter i…
High
CVE-2024-13488
The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.3.7 due to insuf…
Medium
CVE-2025-22209
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' para…
Medium
CVE-2025-22208
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter i…
2025-02-14
Medium
CVE-2025-26157
A SQL Injection vulnerability was found in /bpms/index.php in Source Code and Project Beauty Parlour Management System V1.1, which allows remote attackers to execute arbitrary code via the name POST…
High
CVE-2025-26156
A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request param…
High
CVE-2025-25994
SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id.
Medium
CVE-2025-25993
SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameter "itemid."
Medium
CVE-2025-25992
SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the inquire_inout_item.php component.
Medium
CVE-2025-25991
SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.
Critical
CVE-2024-13152
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection. This issue affects Mo…
Medium
CVE-2025-0821
Bit Assist plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied paramete…
2025-02-13
Critical
CVE-2025-25389
A SQL Injection vulnerability was found in /admin/forgot-password.php in Phpgurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request par…
Critical
CVE-2025-25388
A SQL Injection vulnerability was found in /admin/edit-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the editid GET request param…
High
CVE-2025-25387
A SQL Injection vulnerability was found in /admin/manage-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the propertytype POST requ…
High
CVE-2025-25357
A SQL Injection vulnerability was found in /admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the email POST request parameter.
High
CVE-2025-25356
A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the " todate" POST req…
High
CVE-2025-25355
A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate POST requ…
High
CVE-2025-25354
A SQL Injection was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactnumber POST request parameter.
High
CVE-2025-25352
A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle POST request parameter.
High
CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve…
2025-02-12
Critical
CVE-2022-31631
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the dri…
Medium
CVE-2025-1227
A vulnerability was found in ywoa up to 2024.07.03. It has been rated as critical. This issue affects the function selectList of the file com/cloudweb/oa/mapper/xml/AddressDao.xml. The manipulation l…
Medium
CVE-2025-1224
A vulnerability classified as critical was found in ywoa up to 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. The manipulatio…
Medium
CVE-2025-1216
A vulnerability, which was classified as critical, has been found in ywoa up to 2024.07.03. This issue affects the function selectNoticeList of the file com/cloudweb/oa/mapper/xml/OaNoticeMapper.xml.…
Medium
CVE-2025-1210
A vulnerability classified as critical was found in code-projects Wazifa System 1.0. Affected by this vulnerability is an unknown functionality of the file /controllers/control.php. The manipulation…
Critical
CVE-2025-25351
PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter.
Critical
CVE-2025-25349
PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the costitem parameter.
Medium
CVE-2025-1206
A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /dashboard/admin/viewdetailroutine.php. The manipulation…
Medium
CVE-2025-1202
A vulnerability classified as critical has been found in SourceCodester Best Church Management Software 1.1. Affected is an unknown function of the file /admin/edit_slider.php. The manipulation of th…
Medium
CVE-2025-26348
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserMenu endpoint) in Q-Free MaxTime less than or equal to version 2.…
Medium
CVE-2025-26346
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserGroupMenu endpoint) in Q-Free MaxTime less than or equal to versi…
Medium
CVE-2025-1201
A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/app/profile_crud.php. The…
Medium
CVE-2025-1200
A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/app/slider_crud.php. The…
Medium
CVE-2025-1199
A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been classified as critical. This affects an unknown part of the file /admin/app/role_crud.php. The manipulatio…
Medium
CVE-2025-1197
A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /_parse/l…
High
CVE-2024-13532
The Small Package Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.6.4 due to…
High
CVE-2024-13480
The LTL Freight Quotes – For Customers of FedEx Freight plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3…
High
CVE-2024-13477
The LTL Freight Quotes – Unishippers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 2.5.8 due to insufficient escaping o…
Medium
CVE-2025-1192
A vulnerability was found in SourceCodester Multi Restaurant Table Reservation System 1.0. It has been classified as critical. Affected is an unknown function of the file select-menu.php. The manipul…
Medium
CVE-2025-1191
A vulnerability was found in SourceCodester Multi Restaurant Table Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/approve-reject.…
Medium
CVE-2025-1189
A vulnerability, which was classified as critical, was found in 1000 Projects Attendance Tracking Management System 1.0. This affects an unknown part of the file /admin/chart1.php. The manipulation o…
High
CVE-2024-32838
SQL Injection vulnerability in various API endpoints - offices, dashboards, etc. Apache Fineract versions 1.9 and before have a vulnerability that allows an authenticated attacker to inject malicious…
High
CVE-2024-13531
The ShipEngine Shipping Quotes plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.0.7 due to insufficient escaping on the user sup…
High
CVE-2024-13490
The LTL Freight Quotes – XPO Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.7 due to insuffi…
High
CVE-2024-13475
The Small Package Quotes – UPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 4.5.16 due to insufficient escaping on the…
High
CVE-2024-13473
The LTL Freight Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameter in all versions up to, and including, 5.0.20…
High
CVE-2024-13435
The Ebook Downloader plugin for WordPress is vulnerable to SQL Injection via the 'download' parameter in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied param…
Medium
CVE-2025-1188
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/updateroutin…
Medium
CVE-2025-1185
A vulnerability was found in pihome-shc PiHome 2.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?Ajax=GetModal_Sensor_Graph. The manipulation leads to sql in…
High
CVE-2025-26520
Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146.
Medium
CVE-2025-1184
A vulnerability was found in pihome-shc PiHome 1.77 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?Ajax=GetModal_MQTTEdit. The manipulation of…
Medium
CVE-2025-1183
A vulnerability has been found in CodeZips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/admin/more-userprofi…
2025-02-11
Medium
CVE-2024-55212
DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vulnerability via the Categorys parameter at /DNNGo_xBlog/Resource_Service.aspx.