Lucene search
K

62 matches found

Vulnrichment
Vulnrichment
added 2026/03/12 3:36 p.m.3 views

CVE-2019-25473 Clinic Pro SQL Injection via monthly_expense_overview month Parameter

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS6AI score0.00323EPSS
Exploits0References2
NVD
NVD
added 2026/03/02 3:16 p.m.5 views

CVE-2025-50191

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30...

7.2CVSS0.00537EPSS
Exploits1References3
OSV
OSV
added 2026/03/02 2:53 p.m.5 views

CVE-2025-50191 Chamilo: Error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30...

7CVSS5.9AI score0.00537EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/02 2:53 p.m.4 views

CVE-2025-50191 Chamilo: Error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30...

7CVSS5.9AI score0.00537EPSS
Exploits1References3
CVE
CVE
added 2026/03/02 2:53 p.m.13 views

CVE-2025-50191

Chamilo LMS is affected by an error-based SQL injection in the /main/exercise/hotpotatoes.php script via POST to userFile, exploitable on versions prior to 1.11.30. The vulnerability allows an attacker to impact confidentiality and availability (HIGH severity per CVSS 4.0 metrics), with attack ve...

7.2CVSS5.9AI score0.00537EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/02 2:53 p.m.8 views

CVE-2025-50190 Chamilo: Error-based SQL Injection via GET openid.assoc_handle with the /index.php script

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assochandle parameter with the /index.php script. This issue has been patched in version 1.11.30...

8.8CVSS5.9AI score0.00587EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.6 views

PT-2026-21679

Name of the Vulnerable Software and Affected Versions Apache Superset versions prior to 6.0.0 Description An issue exists in Apache Superset that allows an authenticated user with read access to conduct error-based SQL injection. This is due to improper neutralization of special elements used in ...

6.5CVSS5.9AI score0.00503EPSS
Exploits2References10
EUVD
EUVD
added 2026/02/06 6:10 p.m.5 views

EUVD-2025-206886

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario Payment Schedule print template allows any authenticated user to extract sensitive data from the database...

8.7CVSS5.6AI score0.00354EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/02/06 6:6 p.m.28 views

CVE-2026-24418 OpenSTAManager has an SQL Injection vulnerability in the Scadenzario bulk operations module

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the bulk operations handler for the Scadenzario Payment Schedule module. The application fails to validate...

8.7CVSS0.00356EPSS
Exploits4References1
NVD
NVD
added 2026/02/06 5:16 p.m.5 views

CVE-2019-25298

html5snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through RouterID and RouterIP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by...

9.1CVSS0.0037EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/06 4:41 p.m.7 views

EUVD-2019-19401

html5snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through RouterID and RouterIP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by...

7.1CVSS5.7AI score0.0037EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.5 views

PT-2026-6851

Summary Critical Error-Based SQL Injection vulnerability in the Scadenzario Payment Schedule bulk operations module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer PII, and financial records through XML error...

8.7CVSS6.4AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/03 4:52 p.m.3 views

CVE-2020-37112 GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information...

7.1CVSS5.6AI score0.00274EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.3 views

PT-2026-3026

Name of the Vulnerable Software and Affected Versions InvoicePlane versions through 1.6.3 Description An SQL injection issue exists in InvoicePlane. The problem is found in the maxQuantity and minQuantity parameters when generating a report. A user with valid credentials can exploit this by using...

6.5CVSS7.4AI score0.00271EPSS
Exploits1References4
OSV
OSV
added 2025/12/22 10:16 p.m.3 views

CVE-2023-53972

WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access...

7.5CVSS5.8AI score0.0037EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2025/12/09 12:0 a.m.170 views

📄 dotCMS 25.07.02-1 SQL Injection

This PHP script represents a sophisticated dual-method SQL Injection exploit targeting dotCMS version 25.07.02-1. The exploit combines time-based blind SQL injection and error-based SQL injection techniques to extract password hashes from the database, specifically targeting administrator account...

9.4CVSS8.5AI score0.01558EPSS
Exploits4
OSV
OSV
added 2025/12/01 8:26 p.m.7 views

CVE-2025-66205 Frappe has the possibility of SQL Injection due to improper validations

Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2...

7.1CVSS7.5AI score0.00272EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/01 12:0 a.m.5 views

PT-2025-48549

Name of the Vulnerable Software and Affected Versions Frappe versions prior to 15.86.0 Frappe versions prior to 14.99.2 Description Frappe, a full-stack web application framework, contains a flaw due to insufficient validation of parameters. This allows for error-based SQL injection through a...

9.8CVSS7.3AI score0.00272EPSS
Exploits0References7
Hacker One
Hacker One
added 2025/10/22 9:18 p.m.18 views

Revive Adserver: Error-Based & Time-Based SQL Injection in 'keyword' Parameter of admin-search.php Allowing Full Database Access in Revive Adserver v6.0.0

==Cricetinae== Summary: A critical SQL Injection vulnerability has been identified in Revive Adserver's administrative search functionality, specifically in the admin-search.php file. The vulnerability exists in the handling of the keyword GET parameter, which is passed to multiple database queri...

8.8CVSS9.1AI score0.00931EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/09/08 12:33 a.m.16 views

CVE-2025-58439

ERP is a free and open source Enterprise Resource Planning tool. In versions below 14.89.2 and 15.0.0 through 15.75.1, lack of validation of parameters left certain endpoints vulnerable to error-based SQL Injection. Some information like version could be retrieved. This issue is fixed in versions...

8.1CVSS7.2AI score0.00291EPSS
Exploits0References1
Rows per page
Query Builder