
182 matches found

RedhatCVE
added 2025/05/23 5:11 a.m. · 4 views

CVE-2023-32115

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system...

6.1 CVSS · 6.5 AI score · 0.00204 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 4:3 a.m. · 4 views

CVE-2023-36968

A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter...

7.2 CVSS · 8.2 AI score · 0.00237 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 5:39 a.m. · 3 views

CVE-2010-4721

SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter...

7.5 CVSS · 8.8 AI score · 0.01597 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 5:29 a.m. · 2 views

CVE-2010-3604

SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5 CVSS · 8.7 AI score · 0.00413 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/05/02 2:55 a.m. · 5 views

CVE-2025-3708 Le-show Medical Practice Management System - SQL Injection

Le-show medical practice management system from Le-yan has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

9.8 CVSS · 8.4 AI score · 0.00459 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/04/30 6:9 p.m. · 6 views

CVE-2024-12706

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in OpenText™ Digital Asset Management. The vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. This issue affects Digital Asset Management.:...

2.1 CVSS · 7.7 AI score · 0.00099 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2025/03/21 12:0 a.m. · 1 view

The vulnerability of the “Emergency Call-112” module, related to the failure to protect the SQL query structure, allows attackers to execute arbitrary SQL code.

The vulnerability of the “Emergency Call-112” module is related to the failure to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...

10 CVSS · 6 AI score
Exploits 0 · Affected Software 1

CNNVD
added 2025/02/24 12:0 a.m. · 1 view

Agito Computer Life4All SQL Injection Vulnerability

Agito Computer Life4All is a healthy living application from Agito Computer. A SQL injection vulnerability exists in Agito Computer Life4All versions prior to 10.01.2025 that stems from improper neutralization of special elements in SQL commands...

8.8 CVSS · 7.8 AI score · 0.00147 EPSS
Exploits 0 · References 2

CNNVD
added 2025/02/20 12:0 a.m. · 2 views

Nagios XI Security Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI version 2024R1.2.2, which stems from not filtering user input...

6.5 CVSS · 7.8 AI score · 0.00155 EPSS
Exploits 0 · References 1

OSV
added 2025/02/19 9:15 a.m. · 5 views

CVE-2025-1135

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...

7.2 CVSS · 7.8 AI score
Exploits 0 · References 1

Positive Technologies
added 2025/02/15 12:0 a.m. · 4 views

PT-2025-6942 · Joomla · Js Jobs

Name of the Vulnerable Software and Affected Versions: JS Jobs plugin versions 1.1.5 through 1.4.3 for Joomla
Description: A SQL injection issue allows authenticated attackers, with administrator privileges, to execute arbitrary SQL commands via the searchpaymentstatus parameter in the Employer...

4.7 CVSS · 8.9 AI score · 0.00066 EPSS
Exploits 1 · References 8

RedhatCVE
added 2025/02/05 6:2 p.m. · 8 views

CVE-2019-3661

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in McAfee Advanced Threat Defense ATD prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads...

8.8 CVSS · 7.7 AI score · 0.00172 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/01/31 12:0 a.m. · 4 views

PT-2025-2958 · Easyvirt · Easyvirt Dcscope +1

Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.0 and earlier; EasyVirt CO2Scope versions 1.3.0 and earlier
Description: The issue allows remote authenticated attackers to execute arbitrary SQL commands. This can be achieved via various parameters to different...

6.5 CVSS · 7.6 AI score · 0.00138 EPSS
Exploits 1 · References 4

CVE
added 2024/12/09 12:0 a.m. · 66 views

CVE-2024-54921

CVE-2024-54921 affects Kashipara E-learning Management System v1.0, with a SQL injection in /student_signup.php that allows remote attackers to execute arbitrary SQL through the username, firstname, lastname, and class_id parameters, leading to unauthorized database access. The CVSS v3.1 data ind...

9.8 CVSS · 9.1 AI score · 0.0054 EPSS
Exploits 1 · References 1 · Affected Software 1

CNVD
added 2024/11/07 12:0 a.m. · 2 views

Wazifa System control.php File SQL Injection Vulnerability

Wazifa System is a content management system. Wazifa System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the parameter to of the file /controllers/control.php. An attacker can exploit this vulnerability to execute illegal...

7.5 CVSS · 8.2 AI score · 0.00157 EPSS
Exploits 1 · References 1

CNVD
added 2024/10/25 12:0 a.m. · 5 views

Mitel MiCollab SQL Injection Vulnerability (CNVD-2024-42930)

Mitel MiCollab is an enterprise-grade audio, web and video conferencing solution that provides efficient collaboration and communication capabilities. An SQL injection vulnerability exists in Mitel MiCollab, which can be exploited by an attacker to access non-sensitive user configuration...

9.4 CVSS · 8 AI score · 0.00821 EPSS
Exploits 0 · References 1

OSV
added 2024/10/21 8:15 p.m. · 1 view

CVE-2024-47189

The API Interface of the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of...

7.7 CVSS · 6 AI score
Exploits 0 · References 1

Vulnrichment
added 2024/10/21 12:0 a.m. · 11 views

CVE-2024-47223

A vulnerability in the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access...

8.4 AI score · 0.00821 EPSS
Exploits 0 · References 1

CVE
added 2024/10/21 12:0 a.m. · 54 views

CVE-2024-47223

CVE-2024-47223 affects the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab up to version 9.8 SP1 FP2 (9.8.1.201). The Red Hat/NCSC/PTSecurity and CVE records describe an unauthenticated SQL injection caused by insufficient input sanitization, enabling access to non-sensitive u...

9.4 CVSS · 8.2 AI score · 0.00821 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/10/21 12:0 a.m. · 12 views

CVE-2024-47189

The API Interface of the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of...

0.00452 EPSS
Exploits 0 · References 1