
291 matches found

Nuclei
added 2 days ago | 26 views

Agentejo Cockpit <0.12.0 - NoSQL Injection

Agentejo Cockpit prior to 0.12.0 is vulnerable to NoSQL Injection via the newpassword method of the Auth controller, which is responsible for displaying the user password reset form. id: CVE-2020-35848 info: name: Agentejo Cockpit 0.12.0 - NoSQL Injection author: dwisiswant0 severity: critical...

9.8 CVSS | 7.3 AI score | 0.74989 EPSS
Exploits: 5 | References: 5
Nuclei
added 2 days ago | 25 views

rConfig 3.9.4 - SQL Injection

rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10546 info: name:...

9.8 CVSS | 7.3 AI score | 0.8733 EPSS
Exploits: 1 | References: 5
CNNVD
added 2026/06/08 12:0 a.m. | 12 views

CodeAstro Student Attendance Management System Injection Vulnerability

CodeAstro Student Attendance Management System is a student attendance management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Student Attendance Management System has a SQL injection vulnerability. This vulnerability arises from incorrect operations with the parameter classId ...

6.5 CVSS | 6.6 AI score | 0.002 EPSS
Exploits: 0 | References: 2
CVE
added 2026/04/07 5:33 p.m. | 17 views

CVE-2026-39329

CVE-2026-39329 – ChurchCRM SQL injection : Affected: ChurchCRM prior to 7.1.0. Description: Authenticated users with AddEvent privileges can inject SQL via the newEvtTypeCntLst parameter during event type creation. The vulnerability occurs in the ON DUPLICATE KEY UPDATE path where unescaped user ...

8.8 CVSS | 5.9 AI score | 0.00244 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2025/08/14 10:2 p.m. | 4 views

CVE-2025-8986 SourceCodester COVID 19 Testing Management System search-report-result.php sql injection

A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. The attack may be launched remotely. The exploit...

7.5 CVSS | 7.6 AI score | 0.00387 EPSS
Exploits: 1 | References: 5
NVD
added 2024/11/22 5:15 p.m. | 26 views

CVE-2024-53438

EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'Event' parameter, which is directly interpolated into the SQL query without proper sanitization or validation, allowing attackers to execute arbitrary SQL command...

9.8 CVSS | 0.00531 EPSS
Exploits: 0 | References: 2
CVE
added 2024/11/11 12:0 a.m. | 58 views

CVE-2024-44546

PowerJob is affected by a SQL injection vulnerability present in version parameter handling for PowerJob 3.20 and later. The issue is described across multiple sources (NVD/Red Hat/Veracode/CVE lists; PT Security) as a vulnerability in PowerJob >= 3.20 that allows SQL injection via the version...

9.8 CVSS | 7.5 AI score | 0.00409 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2024/11/04 11:15 a.m. | 34 views

CVE-2024-48878

Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report...

8.8 CVSS | 0.015 EPSS
Exploits: 0 | References: 1
Cvelist
added 2024/10/31 12:0 a.m. | 15 views

CVE-2024-51064

Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php...

0.00564 EPSS
Exploits: 1 | References: 2
CVE
added 2024/10/17 2:5 a.m. | 61 views

CVE-2024-45767

Dell OpenManage Enterprise (OME) before 4.2.0 contains an SQL injection vulnerability due to improper neutralization of special elements in SQL commands. A low-privilege, remote attacker could cause information disclosure. Publicly documented in CVE-2024-45767 and corroborated by NVD/CVEC/Vuln en...

6.5 CVSS | 7.7 AI score | 0.00312 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2024/10/13 9:9 p.m. | 7 views

CVE-2024-7099 SQL Injection in netease-youdao/qanything

netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...

9.8 CVSS | 9.6 AI score | 0.00608 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2024/09/14 3:30 a.m. | 10 views

CVE-2024-8669 Backuply – Backup, Restore, Migrate and Clone <= 1.3.4 - Authenticated (Admin+) SQL Injection

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuplywpclonesql function in all versions up to, and including, 1.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficien...

9.1 CVSS | 9.2 AI score | 0.16709 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2024/09/02 12:0 a.m. | 14 views

CVE-2024-45622

ASIS aka Aplikasi Sistem Sekolah using CodeIgniter 3 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass...

8.1 AI score | 0.36297 EPSS
Exploits: 3 | References: 1
Vulnrichment
added 2024/07/29 4:20 p.m. | 24 views

CVE-2024-6748 SQL Injection

Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below are vulnerable to authenticated SQL injection in the URL monitoring...

8.3 CVSS | 7.7 AI score | 0.23784 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2024/07/12 12:0 a.m. | 25 views

CVE-2024-40540

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept...

8.3 AI score | 0.00456 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2024/06/21 12:0 a.m. | 12 views

CVE-2024-34989

In the module RSI PDF/HTML catalog evolution prestapdf = 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via PrestaPDFProductListModuleFrontController::queryDb.'...

8 AI score | 0.00485 EPSS
Exploits: 0 | References: 1
OSV
added 2024/06/07 9:13 p.m. | 3 views

GHSA-QF36-FX9F-232X ZendFramework potential SQL Injection Vector When Using PDO_MySql

Developers using non-ASCII-compatible encodings in conjunction with the MySQL PDO driver of PHP may be vulnerable to SQL injection attacks. Developers using ASCII-compatible encodings like UTF8 or latin1 are not affected by this PHP issue, which is described in more detail here:...

9.8 CVSS | 7.8 AI score
Exploits: 0 | References: 4
NVD
added 2024/05/28 5:15 p.m. | 20 views

CVE-2024-35563

CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId parameter in CDGTempPermissions...

9.8 CVSS | 7.8 AI score | 0.00487 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2024/05/16 4:31 a.m. | 17 views

CVE-2024-4932 SourceCodester Simple Online Bidding System sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Bidding System 1.0. Affected is an unknown function of the file /simple-online-bidding-system/admin/index.php?page=manageuser. The manipulation of the argument id leads to sql injection. It is possible to...

6.5 CVSS | 7.4 AI score | 0.00565 EPSS
Exploits: 1 | References: 4
Cvelist
added 2024/05/08 12:0 a.m. | 12 views

CVE-2024-25524

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sysfilestorageid parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx...

8.2 AI score | 0.00618 EPSS
Exploits: 1 | References: 1