CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/04/05 9:16 p.m.•4 views

CVE-2019-25668

News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive...

8.8CVSS0.004EPSS

NVD•added 2026/04/05 9:16 p.m.•3 views

CVE-2019-25672

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

8.8CVSS0.00377EPSS

CVE•added 2026/04/05 8:45 p.m.•7 views

CVE-2019-25704

CVE-2019-25704 relates to Kados R10 GreenBee and a reported SQL injection vulnerability exposed through the filter_user_mail parameter. The vulnerability allows an attacker to inject SQL code into database queries via crafted requests, with the potential to extract sensitive data or modify data. ...

9.1CVSS6AI score0.00311EPSS

Exploits1References4Affected Software1

ATTACKERKB•added 2026/04/05 8:45 p.m.•0 views

CVE-2019-25704

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filterusermail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data...

Vulnrichment•added 2026/04/05 8:45 p.m.•2 views

CVE-2019-25702 Kados R10 GreenBee SQL Injection via id_project Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the idproject parameter. Attackers can send crafted requests with malicious SQL statements in the idproject parameter to extract sensitive database...

CVE-2019-25702

Vulnrichment•added 2026/04/05 8:45 p.m.•1 views

CVE-2019-25696 Kados R10 GreenBee SQL Injection via language_tag Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the languagetag parameter. Attackers can submit malicious SQL statements in the languagetag parameter to extract sensitive database information or modify...

CVE•added 2026/04/05 8:45 p.m.•5 views

CVE-2019-25694

CVE-2019-25694 affects Kados R10 GreenBee. The vulnerability is an SQL injection that allows unauthenticated attackers to manipulate database queries via the user2reset parameter. Attackers can send crafted requests with malicious SQL payloads, leading to potential exposure of sensitive data or d...

9.1CVSS6AI score0.00398EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/04/05 8:45 p.m.•17 views

CVE-2019-25692 Kados R10 GreenBee SQL Injection via id_to_modify Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'idtomodify' parameter. Attackers can send crafted requests with malicious SQL statements in the idtomodify field to extract sensitive database...

8.8CVSS0.00311EPSS

Vulnrichment•added 2026/04/05 8:45 p.m.•1 views

CVE-2019-25692 Kados R10 GreenBee SQL Injection via id_to_modify Parameter

CVE-2019-25690

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mngprofileid parameter. Attackers can send crafted requests with malicious SQL payloads in the mngprofileid parameter to extract sensitive database...

8.8CVSS6AI score0.00338EPSS

CVE-2019-25688

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menulev1 parameter. Attackers can send crafted requests with malicious SQL payloads in the menulev1 parameter to extract sensitive...

Vulnrichment•added 2026/04/05 8:45 p.m.•0 views

CVE-2019-25688 Kados R10 GreenBee SQL Injection via menu_lev1 Parameter

8.8CVSS6AI score0.00338EPSS

CVE•added 2026/04/05 8:45 p.m.•9 views

CVE-2019-25688

CVE-2019-25688 affects Kados R10 GreenBee with an SQL injection via the menu_lev1 parameter. Unauthenticated attackers can manipulate queries to exfiltrate data or alter data. Impacts include HIGH confidentiality and HIGH integrity per CVSS data; availability is not affected. Multiple connected s...

9.1CVSS6AI score0.00338EPSS

Exploits1References4Affected Software1

8.8CVSS6AI score0.00327EPSS

CVE-2019-25684

OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitiv...

Exploits1References3Affected Software1

CVE•added 2026/04/05 8:45 p.m.•10 views

CVE-2019-25684

OpenDocMan 1.3.4 is vulnerable to an SQL injection via the where parameter in the search.php endpoint. The issue arises from unsafely constructed SQL queries that allow unauthenticated attackers to manipulate database queries and potentially extract sensitive information. Documented impact includ...

8.8CVSS6AI score0.00327EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/04/05 8:45 p.m.•28 views

CVE-2019-25680 Advance Gift Shop Pro Script 2.0.3 SQL Injection via search

8.8CVSS0.00397EPSS