Medium
CVE-2024-5107
A vulnerability, which was classified as critical, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_pa…
Tag: SQL Injection
All CVEs associated with "SQL Injection". Page 62/175 • 20884 CVEs.
Subscribe CVEs: RSS for “SQL Injection” · RSS (High+Critical only)
About “SQL Injection”
A curated feed of “SQL Injection”-related CVEs appears below. We currently track 20884 CVEs for this tag (all time). In the last 365 days, 4061 were published. Average CVSS is 7.7 (all time; 7.3 over 365d), and 76% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-20 - Improper Input Validation.
In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2024-05-20
2024-05-19
Medium
CVE-2024-5106
A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_payment_details3.php.…
Medium
CVE-2024-5105
A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_details.php. The man…
Medium
CVE-2024-5104
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/student_g…
Medium
CVE-2024-5103
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/…
Medium
CVE-2024-5101
A vulnerability was found in SourceCodester Simple Inventory System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file updateproduct.php. The manipulation of t…
Medium
CVE-2024-5100
A vulnerability was found in SourceCodester Simple Inventory System 1.0. It has been classified as critical. This affects an unknown part of the file tableedit.php. The manipulation of the argument f…
Medium
CVE-2024-5099
A vulnerability was found in SourceCodester Simple Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file updateprice.php. The manipulation…
Medium
CVE-2024-5098
A vulnerability has been found in SourceCodester Simple Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipula…
2024-05-18
High
CVE-2024-5094
A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulati…
High
CVE-2024-5093
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of…
2024-05-17
Medium
CVE-2024-5069
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Mens Salon Management System 1.0. Affected by this issue is some unknown functionality of the file vi…
Medium
CVE-2024-5066
A vulnerability classified as critical was found in PHPGurukul Online Course Registration System 3.1. Affected by this vulnerability is an unknown functionality of the file /pincode-verification.php.…
High
CVE-2024-5065
A vulnerability classified as critical has been found in PHPGurukul Online Course Registration System 3.1. Affected is an unknown function of the file /onlinecourse/. The manipulation of the argument…
High
CVE-2024-5064
A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been rated as critical. This issue affects some unknown processing of the file news-details.php. The manipulation…
High
CVE-2024-5063
A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation…
Medium
CVE-2024-5051
A vulnerability has been found in SourceCodester Gas Agency Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file edituser.php. The manipulation of the…
Medium
CVE-2024-5048
A vulnerability classified as critical was found in code-projects Budget Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the arg…
High
CVE-2024-5046
A vulnerability was found in SourceCodester Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file registeracc.php. The manipulation of t…
Critical
CVE-2024-22120
Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injecti…
2024-05-16
Critical
CVE-2024-4992
Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_kuliah/aksi_kuliah.php parameter in nim. This vulnerability could allow a remote attacker to send a specially crafted SQL que…
Critical
CVE-2024-4991
Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_pass/aksi_pass.php parameter in nama_lengkap. This vulnerability could allow a remote attacker to send a specially crafted SQ…
Critical
CVE-2024-4826
SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9. This vulnerability could allow an attacker to retrieve all the information stored in the database by sending a specially…
Medium
CVE-2024-4973
A vulnerability classified as critical was found in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file /register.php. The manipulation of the argument name/numb…
High
CVE-2024-4352
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The…
Medium
CVE-2024-4972
A vulnerability classified as critical has been found in code-projects Simple Chat System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password lea…
Medium
CVE-2024-4967
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-…
High
CVE-2024-4318
The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied…
Medium
CVE-2024-4933
A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bid…
Medium
CVE-2024-4932
A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Bidding System 1.0. Affected is an unknown function of the file /simple-online-bidding-system/admin/index.…
Medium
CVE-2024-4931
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Bidding System 1.0. This issue affects some unknown processing of the file /simple-online-bidding-sys…
Medium
CVE-2024-4930
A vulnerability classified as critical was found in SourceCodester Simple Online Bidding System 1.0. This vulnerability affects unknown code of the file /simple-online-bidding-system/index.php?page=v…
Medium
CVE-2024-4928
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-sy…
Medium
CVE-2024-4926
A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /intrams_sams/…
Medium
CVE-2024-4925
A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /intrams_sam…
Medium
CVE-2024-4919
A vulnerability was found in Campcodes Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/addCourseExe.php. T…
2024-05-15
Medium
CVE-2024-4918
A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. This affects an unknown part of the file updateQuestion.php. The manipulation of the argument…
Medium
CVE-2024-4917
A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file submitAnswerExe.php. The manipulation…
Medium
CVE-2024-4916
A vulnerability has been found in Campcodes Online Examination System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file selExamAttemptExe.php. The…
Medium
CVE-2024-4915
A vulnerability, which was classified as critical, was found in Campcodes Online Examination System 1.0. Affected is an unknown function of the file result.php. The manipulation of the argument id le…
Medium
CVE-2024-4914
A vulnerability, which was classified as critical, has been found in Campcodes Online Examination System 1.0. This issue affects some unknown processing of the file ranking-exam.php. The manipulation…
Medium
CVE-2024-4913
A vulnerability classified as critical was found in Campcodes Online Examination System 1.0. This vulnerability affects unknown code of the file exam.php. The manipulation of the argument id leads to…
Medium
CVE-2024-4912
A vulnerability classified as critical has been found in Campcodes Online Examination System 1.0. This affects an unknown part of the file addExamExe.php. The manipulation of the argument examTitle l…
Medium
CVE-2024-4911
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/student_e…
Medium
CVE-2024-4910
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/…
Medium
CVE-2024-4909
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/student_due_payment.php.…
Medium
CVE-2024-4908
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/student_attendance_hist…
Medium
CVE-2024-4907
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/show_student2.php. Th…
Medium
CVE-2024-4906
A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/show_student1.php. The manipu…
Medium
CVE-2024-4905
A vulnerability classified as critical has been found in Kashipara College Management System 1.0. Affected is an unknown function of the file view_students_each_detail.php. The manipulation of the ar…
Medium
CVE-2024-4903
A vulnerability was found in Tongda OA 2017. It has been declared as critical. This vulnerability affects unknown code of the file /general/meeting/manage/delete.php. The manipulation of the argument…
Critical
CVE-2024-34955
Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter.
High
CVE-2024-4010
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax…
Critical
CVE-2024-32888
The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterpr…
High
CVE-2024-4847
The Alt Text AI – Automatically generate image alt text for SEO and accessibility plugin for WordPress is vulnerable to generic SQL Injection via the ‘last_post_id’ parameter in all versions up to, a…
2024-05-14
High
CVE-2022-28132
The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate…
Critical
CVE-2024-33485
SQL Injection vulnerability in CASAP Automated Enrollment System using PHP/MySQLi with Source Code V1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the login.php…
Medium
CVE-2023-24204
SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php.
Critical
CVE-2024-34256
OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function.
Medium
CVE-2024-33009
SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional informat…
Critical
CVE-2024-4824
Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/office_admin/' index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc. T…
Medium
CVE-2024-4808
A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0. Affected is an unknown function of the file delete_faculty.php. The manipulation of the argume…
Medium
CVE-2024-4807
A vulnerability, which was classified as critical, has been found in Kashipara College Management System 1.0. This issue affects some unknown processing of the file delete_user.php. The manipulation…
Medium
CVE-2024-4806
A vulnerability classified as critical was found in Kashipara College Management System 1.0. This vulnerability affects unknown code of the file each_extracurricula_activities.php. The manipulation o…
Medium
CVE-2024-4805
A vulnerability classified as critical has been found in Kashipara College Management System 1.0. This affects an unknown part of the file edit_faculty.php. The manipulation of the argument id leads…
Medium
CVE-2024-4804
A vulnerability was found in Kashipara College Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_user.php. The manipulation o…
Medium
CVE-2024-4803
A vulnerability was found in Kashipara College Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file submit_admin.php. The ma…
Medium
CVE-2024-4802
A vulnerability was found in Kashipara College Management System 1.0. It has been classified as critical. Affected is an unknown function of the file submit_extracurricular_activity.php. The manipula…
Medium
CVE-2024-4801
A vulnerability was found in Kashipara College Management System 1.0 and classified as critical. This issue affects some unknown processing of the file submit_new_faculty.php. The manipulation of the…
Medium
CVE-2024-4800
A vulnerability has been found in Kashipara College Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file submit_student.php. The manipulation of the a…
Medium
CVE-2024-4799
A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0. This affects an unknown part of the file view_each_faculty.php. The manipulation of the argume…
Medium
CVE-2024-4798
A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /admin/maint…
Medium
CVE-2024-4796
A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been classified as critical. This affects an unknown part of the file /manage_inv.php. The manipulation of the argu…
Medium
CVE-2024-4795
A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipula…
Medium
CVE-2024-4794
A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage_receiving.p…
Medium
CVE-2024-4793
A vulnerability, which was classified as critical, was found in Campcodes Online Laundry Management System 1.0. Affected is an unknown function of the file /manage_laundry.php. The manipulation of th…
Medium
CVE-2024-4792
A vulnerability, which was classified as critical, has been found in Campcodes Online Laundry Management System 1.0. This issue affects some unknown processing of the file /admin_class.php. The manip…
Critical
CVE-2024-4434
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping…
High
CVE-2024-3055
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.…
High
CVE-2024-34310
Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter.
Critical
CVE-2024-34226
SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allow attackers to execute arbitrary SQL commands via the id parameters.
Medium
CVE-2024-34222
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter.
High
CVE-2024-34220
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter.
High
CVE-2024-32739
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_verbose" function with…
High
CVE-2024-32738
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_lean" function within…
High
CVE-2024-32737
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_contract_result" function wi…
High
CVE-2024-32736
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_utask_verbose" function with…
Medium
CVE-2024-31460
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to conca…
High
CVE-2024-31459
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabili…
Medium
CVE-2024-31458
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly ch…
High
CVE-2024-31445
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` all…
Medium
CVE-2024-30801
SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component.
High
CVE-2024-28279
Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via book.php?bookisbn=.
Critical
CVE-2024-26517
SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component.
Medium
CVE-2023-50718
NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped `ta…
Medium
CVE-2023-29881
phpok 6.4.003 is vulnerable to SQL injection in the function index_f() in phpok64/framework/api/call_control.php.
2024-05-08
Critical
CVE-2024-25532
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx.
Medium
CVE-2024-25528
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.
Critical
CVE-2024-31961
A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands via the level2 parameter.
Critical
CVE-2024-25531
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx.
Critical
CVE-2024-25530
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx.
Critical
CVE-2024-25529
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx.
Critical
CVE-2024-25527
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.
Medium
CVE-2024-4654
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation…
Medium
CVE-2024-4653
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /xds/outIndex.php. The mani…
High
CVE-2024-26026
An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
High
CVE-2024-25526
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx.
Critical
CVE-2024-25525
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx.
Critical
CVE-2024-25524
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx.
Critical
CVE-2024-25523
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx.
Critical
CVE-2024-25522
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx.
Critical
CVE-2024-25521
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx.
Critical
CVE-2024-25520
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx.
Critical
CVE-2024-25519
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx.
Critical
CVE-2024-25518
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx.
Critical
CVE-2024-25517
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx.
High
CVE-2024-25515
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx.
2024-05-07
Critical
CVE-2024-25514
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx.
High
CVE-2024-25513
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx.
Critical
CVE-2024-25511
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx.