196 matches found
Moodle 4.5.x < 4.5.2 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.16 or 4.3.x prior to 4.3.10 or 4.4.x prior to 4.4.6 or 4.5.x prior to 4.5.2. It is, therefore, affected by multiple vulnerabilities. - An SQL injection risk was identified in the module list filte...
Moodle 4.1.x < 4.1.16 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.16 or 4.3.x prior to 4.3.10 or 4.4.x prior to 4.4.6 or 4.5.x prior to 4.5.2. It is, therefore, affected by multiple vulnerabilities. - An SQL injection risk was identified in the module list filte...
Moodle 4.0.x < 4.0.9 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.22, 3.11.x prior to 3.11.15, 4.0.x prior to 4.0.9 or 4.1.x prior to 4.1.4. It is, therefore, affected by multiple vulnerabilities. - An issue in the logic used to check 0.0.0.0 against the cURL...
PT-2025-15383 · WordPress · 3Dprint Lite
Name of the Vulnerable Software and Affected Versions: 3DPrint Lite plugin for WordPress versions up to, and including, 2.1.3.6 Description: The issue arises from insufficient escaping on the user-supplied printer text parameter and lack of sufficient preparation on the existing SQL query, making...
PT-2025-15380 · WordPress · 3Dprint Lite
Name of the Vulnerable Software and Affected Versions: 3DPrint Lite plugin for WordPress versions up to, and including, 2.1.3.6 Description: The issue arises from insufficient escaping on the user-supplied infill text parameter and lack of sufficient preparation on the existing SQL query, making ...
PT-2025-15445 · Unknown +1 · Crud-Query-Parser +1
Name of the Vulnerable Software and Affected Versions: crud-query-parser versions prior to 0.1.0 Description: The crud-query-parser library is affected by an issue where improper neutralization of the order/sort parameter in the TypeORM adapter allows SQL injection. This issue impacts users who a...
3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'material_text'
Description The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'materialtext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2024-12410
The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
BIT-DOLIBARR-2022-4093 SQL Injection in dolibarr/dolibarr
SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In...
CVE-2025-25686
semcms =5.0 is vulnerable to SQL Injection in SEMCMSFuction.php...
CVE-2025-2186
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to SQL Injection via the ‘automationId’ parameter in all versions up to, and including, 3.5.1 due to insufficient escaping on the user supplied parameter and...
CVE-2025-2186
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to SQL Injection via the ‘automationId’ parameter in all versions up to, and including, 3.5.1 due to insufficient escaping on the user supplied parameter and...
CVE-2025-2511
The AHAthat Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
PT-2025-11549 · Unknown · Code-Projects Online Class/Exam Scheduling System
Name of the Vulnerable Software and Affected Versions: code-projects Online Class and Exam Scheduling System version 1.0 Description: A critical issue has been found in the system, affecting the processing of the file /pages/activate.php. The manipulation of the id argument leads to SQL injection...
CVE-2024-13321
The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'customsql' parameter in all versions up to, and including, 2.0.0 due to insufficient authorization checks on the handlegetstats function. This makes it possible for unauthenticated attackers to append additional SQL...
CVE-2025-2106
CVE-2025-2106 : Technical details from connected sources confirm an unauthenticated SQL Injection in the WordPress plugin ArielBrailovsky-ViralAd, affecting all versions up to 1.0.8. The vulnerability arises from insufficient escaping of user-supplied input in the limpia() function, enabling an a...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-11187 DESCRIPTION: It is possible to construct a zone such that some queries ...
CVE-2024-12609
CVE-2024-12609 affects the WordPress plugin School Management System for Wordpress (
CVE-2024-13320
The CURCY - WooCommerce Multi Currency - Currency Switcher plugin for WordPress is vulnerable to SQL Injection via the 'wcfilterpricemetawhere' parameter in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
Important: postgresql16
Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...