Lucene search
+L

486 matches found

SUSE CVE
SUSE CVE
added 2025/11/22 12:23 a.m.5 views

SUSE CVE-2025-60798

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $REQUEST'query' directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...

6.5CVSS8.5AI score0.00256EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/21 12:18 a.m.9 views

CVE-2025-60797

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $REQUEST'query' parameter without any sanitization or parameterization via $data-conn-Execute$REQUEST'query'. An authenticated...

6.5CVSS8.3AI score0.00238EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/20 3:30 p.m.5 views

EUVD-2025-198265

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $REQUEST'query' directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...

6.5CVSS7.9AI score0.00256EPSS
Exploits0References4
OSV
OSV
added 2025/11/20 3:17 p.m.2 views

DEBIAN-CVE-2025-60798

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $REQUEST'query' directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...

6.5CVSS6.2AI score0.00256EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/20 12:0 a.m.3 views

CVE-2025-60797

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $REQUEST'query' parameter without any sanitization or parameterization via $data-conn-Execute$REQUEST'query'. An authenticated...

7.6AI score0.00238EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/18 4:55 p.m.3 views

CVE-2025-62519

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitatio...

7.2CVSS8.8AI score0.00755EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/17 4:48 p.m.1 views

CVE-2025-62519 phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitatio...

7.2CVSS8.7AI score0.00755EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.19 views

PT-2025-47176

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.0.14 Description phpMyFAQ is an open source FAQ web application. A privileged user with 'Configuration Edit' permissions can execute arbitrary SQL commands due to an authenticated SQL injection flaw in the main...

7.2CVSS8.6AI score0.00755EPSS
Exploits1References12
CNNVD
CNNVD
added 2025/11/17 12:0 a.m.5 views

phpMyFAQ SQL注入漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A SQL injection vulnerability exists in versions prior to phpMyFAQ 4.0.14, which stems from an SQL injection that could lead to a complete database crack...

7.2CVSS7.4AI score0.00755EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/11/09 12:41 a.m.7 views

CVE-2025-64488

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions 7.14.7 and below and 8.0.0-beta.1 through 8.9.0 8.0.0-beta.1, an attacker can craft a malicious callid that alters the logic of the SQL query or injects arbitrary SQL. An attack can...

8.8CVSS7.3AI score0.00419EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.5 views

PT-2025-45523

Name of the Vulnerable Software and Affected Versions SuiteCRM versions 7.14.7 and below SuiteCRM versions 8.0.0-beta.1 through 8.9.0 Description SuiteCRM is a Customer Relationship Management CRM software application. An attacker can manipulate the call id to modify SQL query logic or inject...

8.6CVSS7AI score0.00419EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/10/23 10:16 p.m.11 views

CVE-2025-62617

Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can explo...

7.2CVSS8.1AI score0.00395EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/23 3:13 p.m.5 views

CVE-2025-62606

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a...

8.8CVSS8.2AI score0.00294EPSS
Exploits0References1
NVD
NVD
added 2025/10/22 10:15 p.m.16 views

CVE-2025-62617

Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can explo...

7.2CVSS0.00395EPSS
Exploits1References2
OSV
OSV
added 2025/10/22 9:19 p.m.8 views

CVE-2025-62617 Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality

Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can explo...

7.2CVSS8.2AI score0.00395EPSS
Exploits1References4
OSV
OSV
added 2025/10/22 4:46 p.m.8 views

GHSA-2V5M-CQ9W-FC33 Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality

Summary An authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can exploit this vulnerability to execute arbitrary SQL commands. This can lea...

7.2CVSS8.1AI score0.00395EPSS
Exploits1References4
CVE
CVE
added 2025/10/22 3:11 p.m.18 views

CVE-2025-62606

CVE-2025-62606 affects My Little Forum (PHP/MySQL). Before version 2.5.12, an authenticated SQL injection vulnerability exists in the bookmark reordering feature, allowing any logged-in user to execute arbitrary SQL commands. This can lead to a full compromise of the application’s database (read,...

8.8CVSS7.8AI score0.00294EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/22 3:11 p.m.4 views

EUVD-2025-35589

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a...

8.8CVSS7.7AI score0.00294EPSS
Exploits0References2
OSV
OSV
added 2025/10/22 3:11 p.m.6 views

CVE-2025-62606 my little forum vulnerable to SQL Injection in Bookmark Reordering via bookmarks parameter

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a...

8.8CVSS8.2AI score0.00294EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.6 views

Admidio SQL注入漏洞

Admidio is an open source member management system from the Admidio team. The system supports features such as member lists, event management, guestbooks, photo albums and downloads. A SQL injection vulnerability exists in Admidio versions prior to 4.3.17, which stems from a SQL injection in the...

7.2CVSS7.4AI score0.00395EPSS
Exploits1References3
Rows per page
Query Builder