CVE-2021-24630
The Schreikasten WordPress plugin through 0.14.18 does not sanitise or escape the id GET parameter before using it in SQL statements in the comments dashboard from various actions, leading to authenticated SQL Injections which can be exploited by users as low as author...
CVE-2021-24662
The Game Server Status WordPress plugin through 1.0 does not validate or escape the serverid parameter before using it in a SQL statement, leading to an Authenticated SQL Injection in an admin page...
CVE-2025-41403
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data...
CVE-2025-3836
CVE-2025-3836 affects Zohocorp ManageEngine ADAudit Plus versions 8.5.10 and earlier, with an authenticated SQL injection in the logon events aggregate report. The root cause is an injection vulnerability exploitable by an authenticated user when accessing the logon events aggregate report. The i...
CVE-2019-14966
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection...
CVE-2024-9879 Website File Changes < 2.1.1 - Authenticated SQL Injection
The Melapress File Monitor WordPress plugin before 2.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...
CVE-2025-3834
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report...
PT-2025-22457 · Manageengine · Zoho Manageengine Adaudit Plus
Name of the Vulnerable Software and Affected Versions: ManageEngine ADAudit Plus versions 8510 and prior
Description: The issue is related to authenticated SQL injection when fetching service account audit data.
Recommendations: For ManageEngine ADAudit Plus versions 8510 and prior, update to a...
CVE-2025-3430 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'printer_text'
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printer_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-1669 School Management System – WPSchoolPress <= 2.2.17 - Authenticated (Teacher+) SQL Injection
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'addNotify' action in all versions up to, and including, 2.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
WordPress Legoeso PDF Manager plugin <= 1.2.2 - Authenticated (Author+) SQL Injection via checkedVals Parameter vulnerability
Authenticated Author+ SQL Injection via checkedVals Parameter vulnerability discovered by WordFence in WordPress Plugin Legoeso PDF Manager versions <= 1.2.2...
CVE-2024-54762
Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection...
Exploit for CVE-2024-57521
Authenticated SQL Injection in RuoYi v4.7.9 Bypass of CVE-202...
VMSA-2024-0021: VMware HCX addresses an authenticated SQL injection vulnerability (CVE-2024-38814)
Advisory ID: | VMSA-2024-0021
---|---
Severity: | Important
CVSSv3 Range: | 8.8
Synopsis: | VMware HCX addresses an authenticated SQL injection vulnerability CVE-2024-38814
Issue Date: | 2024-10-16
Updated On: | 2024-10-16 Initial Advisory
CVEs: | CVE-2024-38814

1. Impacted Products VMware HCX 2...
WordPress GiveWP plugin <= 3.16.1 - Authenticated (GiveWP Manager+) SQL Injection via order Parameter vulnerability
Authenticated GiveWP Manager+ SQL Injection via order Parameter vulnerability discovered by Leo in WordPress Plugin GiveWP versions <= 3.16.1...
CVE-2024-45059 Authenticated SQL Injection in i-Educar
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the ieducar/intranet/funcionariovinculodet.php file, which creates the query by...
CVE-2024-5546
Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by an authenticated SQL Injection vulnerability via a global search option...
CVE-2024-5490
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to authenticated SQL injection in the aggregate reports option...
CVE-2024-36515
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to authenticated SQL injection in the dashboard. Note: This vulnerability is different from another vulnerability, CVE-2024-36516; both affect ADAudit Plus' dashboard...