240 matches found
EUVD-2024-42493
Malicious code in bioql PyPI...
EUVD-2022-31072
Malicious code in bioql PyPI...
EUVD-2022-30897
Malicious code in bioql PyPI...
Advantive Veracore < 2025.1.1.3 SQL Injection
Advantive Veracore version prior to 2025.1.1.3 is vulnerable to SQL Injection in timeoutWarning.asp functionality, allowing attackers to execute arbitrary SQL queries via the PmSess1 parameter. No source data...
CVE-2013-10033 Kimai 0.9.2 db_restore.php SQL Injection
An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the dbrestore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to...
CVE-2025-40735
A vulnerability has been identified in SINEC NMS All versions V4.0. The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database...
CVE-2025-34038 Weaver E-cology SQL Injection
A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIdssql, type method, reachable through the cmd=getSelectAllId workflow in the...
SQL Injection
github.com/navidrome/navidrome is vulnerable to SQL injection. The vulnerability is due to improper input validation of the role parameter in the /api/artist API endpoint, allowing attackers to inject arbitrary SQL queries...
CVE-2023-37372
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.4. The affected applications is vulnerable to SQL injection. This could allow an unauthenticated remote attackers to execute arbitrary SQL queries on the server database...
CVE-2020-11530
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to getscript/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user...
CVE-2003-0751
SQL injection vulnerability in passdone.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter...
CVE-2002-2168
SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to execute arbitrary SQL queries via various programs including functiondescribeitem1.inc.php...
CVE-2024-50706
CVE-2024-50706 describes an unauthenticated SQL injection in Uniguest Tripleplay. The vulnerability affects Tripleplay 23.1+ and enables remote attackers to execute arbitrary SQL queries on the backend database. Multiple sources corroborate the issue and classify it as high/critical risk (CVSS v3...
CVE-2025-26606
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, informacaoadicional.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...
CVE-2025-26605
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletarcargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access...
CVE-2025-26609 SQL Injection endpoint 'familiar_docfamiliar.php' parameter 'id_dependente', 'id_doc' in WeGIA
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, familiardocfamiliar.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...
CVE-2025-26612 SQL Injection endpoint 'adicionar_almoxarife.php' parameter 'id_almoxarifado', 'id_funcionario' in WeGIA
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, adicionaralmoxarife.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...
CVE-2025-24958
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, salvartag.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This...
CVE-2025-24905 SQL Injection endpoint 'get_codigobarras_cobranca.php' parameter 'codigo' in WeGIA
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, getcodigobarrascobranca.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive...
CVE-2025-24958 SQL Injection endpoint 'salvar_tag.php' parameter 'id_tag' in WeGIA
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, salvartag.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This...