Lucene search
K

1836 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/17 12:11 p.m.8 views

CVE-2018-25333

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloa...

8.8CVSS6.1AI score0.00343EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/16 3:26 p.m.10 views

CVE-2021-47980 Fuel CMS 1.4.13 Blind SQL Injection via col Parameter

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...

7.1CVSS5.9AI score0.00226EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/16 3:26 p.m.11 views

EUVD-2021-34841

LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the searchquery parameter. Attackers can send POST requests to /search.php with malicious searchquery values using CASE WHEN statements to extra...

8.8CVSS5.9AI score0.00237EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/16 3:25 p.m.9 views

CVE-2020-37244 WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References4
Veracode
Veracode
added 2026/05/16 9:40 a.m.15 views

SQL Injection

XWiki Full Calendar Macro is vulnerable to SQL Injection. The vulnerability is due to a SQL injection vulnerability by accessing database info or starting a DoS attack, where users with the right to view the Calendar.JSONService page including guest users can exploit this issue and access databas...

10CVSS5.8AI score0.00282EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/13 2:17 p.m.16 views

CVE-2026-37428

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...

6.5CVSS0.00209EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/08 12:0 a.m.15 views

CVE-2026-37431

Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

5.9AI score0.0026EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

WordPress plugin CMS für Motorrad Werkstätten SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

6.5CVSS5.9AI score0.00324EPSS
Exploits0References1
NVD
NVD
added 2026/04/12 1:16 p.m.7 views

CVE-2019-25710

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using...

9.1CVSS0.00311EPSS
Exploits1References4
NVD
NVD
added 2026/04/12 1:16 p.m.4 views

CVE-2019-25703

ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL...

8.8CVSS0.00342EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/12 12:28 p.m.33 views

CVE-2019-25707 eBrigade ERP 4.5 SQL Injection via pdf.php

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive...

7.1CVSS0.00269EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/12 12:28 p.m.4 views

CVE-2019-25703

ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL...

7.1CVSS6AI score0.00342EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/12 12:28 p.m.3 views

CVE-2019-25697 CMSsite 1.0 SQL Injection via category.php

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to category.php with malicious catid values to extract sensitive database information includi...

8.8CVSS5.9AI score0.00413EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.16 views

PT-2026-32169

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive...

7.1CVSS6.2AI score0.00269EPSS
Exploits1References5
NVD
NVD
added 2026/04/05 9:16 p.m.5 views

CVE-2019-25668

News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive...

8.8CVSS0.004EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/05 8:45 p.m.2 views

CVE-2019-25690

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mngprofileid parameter. Attackers can send crafted requests with malicious SQL payloads in the mngprofileid parameter to extract sensitive database...

8.8CVSS6AI score0.00311EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/05 8:45 p.m.2 views

CVE-2019-25684

OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitiv...

8.8CVSS6AI score0.00327EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/27 2:24 p.m.13 views

CVE-2021-27672

SQL Injection in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component...

4.9CVSS7.8AI score0.01327EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/26 11:39 a.m.7 views

CVE-2018-25207 Online Quiz Maker 1.0 SQL Injection via catid Parameter

Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-category.php with crafted SQL payloads in POST parameters to...

7.1CVSS6.2AI score0.0027EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 11:39 a.m.3 views

CVE-2018-25205

ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder