4688 matches found
CVE-2025-30507
CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections...
CVE-2025-31424
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through 2.6...
CVE-2025-31424
CVE-2025-31424 describes an unauthenticated SQL Injection in the WordPress plugin WP Lead Capturing Pages (Kamleshyadav) affecting versions up to 2.3. The vulnerability arises from improper neutralization of input elements used in SQL commands, enabling blind SQL injection. The associated CVSS 3....
CVE-2025-48281
The CVE describes a SQL Injection vulnerability in the WordPress plugin MyStyle Custom Product Designer (versions up to and including 3.21.1). The issue stems from improper neutralization of user-supplied input and insufficient query preparation, enabling blind SQL injection. Unauthenticated atta...
CVE-2025-49263 WordPress WC Vendors Marketplace <= 2.5.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WCVendors WC Vendors Marketplace allows Blind SQL Injection. This issue affects WC Vendors Marketplace: from n/a through 2.5.6...
CVE-2025-49263
The CVE-2025-49263 entry concerns WC Vendors Marketplace (WC Vendors) for WordPress, with an SQL Injection vulnerability in WC Vendors Marketplace that affects versions up to 2.5.6. The vulnerability stems from improper neutralization of special elements in SQL commands, enabling Blind SQL Inject...
CVE-2025-40666 Time-based blind SQL injection vulnerability in TCMAN GIM v11
Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in/GIMWeb/PC/frmPreventivosList.aspx...
CVE-2025-40665 Time-based blind SQL injection vulnerability in TCMAN GIM v11
Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx...
CVE-2025-40665 Time-based blind SQL injection vulnerability in TCMAN GIM v11
Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx...
CVE-2025-31914
CVE-2025-31914 concerns the WordPress plugin Pixel WordPress Form BuilderPlugin & Autoresponder. Connected sources confirm an SQL Injection vulnerability caused by improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected software: Pixel WordPress Form Bu...
CVE-2025-39504
CVE-2025-39504 (GoodLayers Hotel) is a SQL Injection vulnerability affecting Goodlayers Hotel versions up to 3.1.4. The vulnerability is described as Blind SQL Injection with improper neutralization of input, yielding CRITICAL impact (CVSS 3.1: 9.3; Network, high confidentiality impact). The Conn...
CVE-2025-46539 WordPress Fable Extra plugin <= 1.0.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFable Fable Extra fable-extra allows Blind SQL Injection.This issue affects Fable Extra: from n/a through = 1.0.6...
CVE-2025-46539 WordPress Fable Extra <= 1.0.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFable Fable Extra allows Blind SQL Injection. This issue affects Fable Extra: from n/a through 1.0.6...
CVE-2024-6919
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection. This issue affects NACPremium: through 01082024...
CVE-2024-25897
ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...
CVE-2024-25893
ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...
CVE-2024-25896
ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EID POST parameter...
CVE-2024-25892
ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection Time-based via the familyId GET parameter...
CVE-2024-25894
ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EventCount POST parameter...
CVE-2024-37765
Machform up to version 19 is affected by an authenticated Blind SQL injection in the user account settings page...