CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/23 8:34 a.m.•7 views

CVE-2024-50972

A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrowid parameter...

7.2CVSS8.8AI score0.00732EPSS

RedhatCVE•added 2025/05/23 5:0 a.m.•6 views

CVE-2023-51828

A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in getnextnotice function...

9.8CVSS9AI score0.00947EPSS

RedhatCVE•added 2025/05/22 9:8 p.m.•5 views

CVE-2021-45811

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

6.5CVSS8.3AI score0.02808EPSS

RedhatCVE•added 2025/05/22 7:58 p.m.•9 views

CVE-2021-36433

SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jodeletemask function in jocms/apps/mask/mask.php...

9.1CVSS8.1AI score0.00864EPSS

RedhatCVE•added 2025/05/22 7:35 p.m.•5 views

CVE-2021-29053

Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to 1 CommerceChannelRelFinder.countByCC, or 2 CommerceChannelRelFinder.findByCC...

8.8CVSS8.4AI score0.01182EPSS

RedhatCVE•added 2025/05/22 6:53 p.m.•6 views

CVE-2021-43971

A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter...

8.8CVSS8.3AI score0.01744EPSS

RedhatCVE•added 2025/05/22 6:48 p.m.•10 views

CVE-2021-40595

SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leavesystem/classes/Login.php...

9.8CVSS8.6AI score0.01356EPSS

RedhatCVE•added 2025/05/22 5:45 p.m.•7 views

CVE-2020-29139

A SQL injection vulnerability in interface/main/finder/patientselect.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter...

7.2CVSS8.3AI score0.01777EPSS

RedhatCVE•added 2025/05/22 4:17 p.m.•11 views

CVE-2020-13640

A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. No 7.x versions are affected...

9.8CVSS8.8AI score0.12706EPSS

RedhatCVE•added 2025/05/22 3:39 p.m.•5 views

CVE-2020-5651

SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL...

8.8CVSS8.7AI score0.01487EPSS

RedhatCVE•added 2025/05/22 3:28 p.m.•7 views

CVE-2020-29142

A SQL injection vulnerability in interface/usergroup/usergroupadmin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedulefacility parameter when restrictuserfacility=on is in global settings...

7.2CVSS8.3AI score0.01777EPSS

RedhatCVE•added 2025/05/22 3:14 p.m.•5 views

CVE-2020-15884

A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order0dir field on POST requests to /datatables/data...

8.8CVSS8.6AI score0.01234EPSS

Exploits0

RedhatCVE•added 2025/05/22 1:44 p.m.•3 views

CVE-2014-9345

SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional aka AWP PRO 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the groupid parameter in a listzone action to cgi/client.cgi...

7.5CVSS8.8AI score0.02348EPSS

RedhatCVE•added 2025/05/22 1:26 p.m.•7 views

CVE-2018-16116

SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter...

8.8CVSS8.4AI score0.01873EPSS

RedhatCVE•added 2025/05/22 12:39 p.m.•6 views

CVE-2010-5063

SQL injection vulnerability in article.php in Virtual War aka VWar 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter...

7.5CVSS8.8AI score0.01113EPSS

RedhatCVE•added 2025/05/22 12:38 p.m.•7 views

CVE-2010-1012

SQL injection vulnerability in the CleanDB nfcleandb extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8.9AI score0.01001EPSS

RedhatCVE•added 2025/05/22 12:34 p.m.•8 views

CVE-2010-1013

SQL injection vulnerability in the Diocese of Portsmouth Database pddiocesedatabase extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8.9AI score0.01096EPSS

RedhatCVE•added 2025/05/22 12:12 p.m.•7 views

CVE-2012-2332

SQL injection vulnerability in serendipity/serendipityadmin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipityplugintoconf parameter. NOTE: this issue might be resultant from cross-site request forgery CSRF...

7.5CVSS8.6AI score0.01664EPSS

Exploits5References1

RedhatCVE•added 2025/05/22 12:8 p.m.•7 views

CVE-2012-4279

Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to execute arbitrary SQL commands via the 1 view parameter to agentdisplay.php or 2 edit parameter to admin/admin.php...

7.5CVSS9AI score0.01119EPSS