CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

155 matches found

CVE-2017-20269 Joomla! Component KissGallery 1.0.0 SQL Injection

Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive...

8.8CVSS0.0027EPSS

Exploits0References4

CNNVD•added 2026/06/01 12:0 a.m.•7 views

Paroiciel SQL注入漏洞

Paroiciel is an parish management information system developed by the French company Paroiciel. Version 11.20 of Paroiciel contains a SQL injection vulnerability. This vulnerability stems from the zProIdPro parameter, which allows for SQL injections. This could enable authenticated attackers to...

7.1CVSS6.1AI score0.00273EPSS

Exploits0References4

CVE•added 2026/03/26 11:39 a.m.•8 views

CVE-2018-25206

KomSeo Cart 1.3 contains an SQL injection in edit.php via the my_item_search parameter. Attackers can submit POST payloads to perform boolean-based blind or error-based injections to extract sensitive database information. The vulnerability has high impact on confidentiality (C) and low impact on...

8.8CVSS5.9AI score0.00245EPSS

Exploits0References3

ATTACKERKB•added 2026/03/12 3:36 p.m.•2 views

CVE-2019-25479

Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST requests to the agents/agentlistdetails endpoint with malicious SQL payloads in the city paramete...

8.8CVSS5.9AI score0.00377EPSS

Exploits0References2

ATTACKERKB•added 2026/02/22 2:12 p.m.•5 views

CVE-2019-25460

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL...

8.8CVSS5.9AI score0.00363EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/02/22 1:18 p.m.•25 views

CVE-2019-25452 Dolibarr ERP/CRM 10.0.1 SQL Injection via elemid

Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extrac...

8.8CVSS0.00373EPSS

Exploits1References2

RedhatCVE•added 2026/01/07 9:9 a.m.•6 views

CVE-2024-2088

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxsgetExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract...

8.5CVSS6.4AI score0.00345EPSS

Exploits0References1