4662 matches found
CVE-2025-40666 Time-based blind SQL injection vulnerability in TCMAN GIM v11
Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in/GIMWeb/PC/frmPreventivosList.aspx...
CVE-2025-40665 Time-based blind SQL injection vulnerability in TCMAN GIM v11
Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx...
CVE-2025-40665 Time-based blind SQL injection vulnerability in TCMAN GIM v11
Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx...
CVE-2025-31914
CVE-2025-31914 concerns the WordPress plugin Pixel WordPress Form BuilderPlugin & Autoresponder. Connected sources confirm an SQL Injection vulnerability caused by improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected software: Pixel WordPress Form Bu...
CVE-2025-39504
CVE-2025-39504 (GoodLayers Hotel) is a SQL Injection vulnerability affecting Goodlayers Hotel versions up to 3.1.4. The vulnerability is described as Blind SQL Injection with improper neutralization of input, yielding CRITICAL impact (CVSS 3.1: 9.3; Network, high confidentiality impact). The Conn...
CVE-2025-46539 WordPress Fable Extra plugin <= 1.0.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFable Fable Extra fable-extra allows Blind SQL Injection.This issue affects Fable Extra: from n/a through = 1.0.6...
CVE-2025-46539 WordPress Fable Extra <= 1.0.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFable Fable Extra allows Blind SQL Injection. This issue affects Fable Extra: from n/a through 1.0.6...
CVE-2024-6919
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection. This issue affects NACPremium: through 01082024...
CVE-2024-25897
ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...
CVE-2024-25893
ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...
CVE-2024-25896
ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EID POST parameter...
CVE-2024-25892
ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection Time-based via the familyId GET parameter...
CVE-2024-25894
ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EventCount POST parameter...
CVE-2024-37765
Machform up to version 19 is affected by an authenticated Blind SQL injection in the user account settings page...
CVE-2024-56801
Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 have a blind SQL injection vulnerability. Version 2.0.4 contains a patch for the vulnerability...
CVE-2024-4890
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...
CVE-2023-22378
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary...
CVE-2023-50030
In the module "Jms Setting" jmssetting from Joommasters for PrestaShop, a guest can perform SQL injection in versions = 1.1.0. The method JmsSetting::getSecondImgs has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection...
CVE-2023-33279
In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...
CVE-2023-3197
The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible...