Lucene search

937 matches found

CVE
added 2025/12/08 2:2 p.m., 6 views

CVE-2025-14247

Product/Component: Simple Shopping Cart 1.0 (code-projects). Vulnerability: SQL injection in /Admin/additems.php caused by unvalidated manipulation of the item_name parameter. This issue enables remote execution of SQL statements and can lead to data leakage or modification as described across ...

CVSS 9.8, AI score 6.8, EPSS 0.00027
Exploits: 1, References: 5, Affected Software: 1

Vulnrichment
added 2025/10/27 12:0 a.m., 3 views

CVE-2025-61247

indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php...

AI score 7.7, EPSS 0.00035
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-25268

Malware in sbrugna...

CVSS 6.5, AI score 7.3, EPSS 0.00401
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-27619

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00068
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-2622

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.3, EPSS 0.00817
Exploits: 0, References: 7

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-28703

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.2, EPSS 0.00587
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-40720

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.6, EPSS 0.0101
Exploits: 0, References: 2

RedhatCVE
added 2025/02/06 3:45 a.m., 8 views

CVE-2021-26644

SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running...

CVSS 9.8, AI score 7.8, EPSS 0.02465
Exploits: 0

RedhatCVE
added 2025/02/06 3:37 a.m., 6 views

CVE-2021-26609

A vulnerability was found in Mangboard WordPress plugin. A SQL-Injection vulnerability was found in ordertype parameter. The ordertype parameter makes a SQL query using unfiltered data. This vulnerability allows a remote attacker to steal user information...

CVSS 7.5, AI score 7.2, EPSS 0.00854
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 11:29 p.m., 13 views

CVE-2022-23767

This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereb...

CVSS 9.8, AI score 7.2, EPSS 0.00587
Exploits: 0, References: 1

Vulnrichment
added 2025/01/09 5:10 p.m., 14 views

CVE-2025-21628 Chatwoot has a Blind SQL-injection in Conversation and Contacts filters

Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation and contact filters endpoints did not sanitize the input of queryoperator passed from the frontend or the API. This provided any actor who is authenticated, an attack vector to run arbitrary SQL within the filter query by addi...

CVSS 9.1, AI score 7.7, EPSS 0.00672
Exploits: 0, References: 2

NVD
added 2024/08/08 3:15 p.m., 21 views

CVE-2024-42357

Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the...

CVSS 9.8, EPSS 0.00817
Exploits: 0, References: 5

Vulnrichment
added 2024/08/08 2:55 p.m., 22 views

CVE-2024-42357 Shopware vulnerable to blind SQL-injection in DAL aggregations

Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the...

CVSS 7.3, AI score 7, EPSS 0.00817
Exploits: 0, References: 5

Cvelist
added 2024/08/08 2:55 p.m., 21 views

CVE-2024-42357 Shopware vulnerable to blind SQL-injection in DAL aggregations

Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the...

CVSS 7.3, EPSS 0.00817
Exploits: 0, References: 5

OSV
added 2024/08/08 2:53 p.m., 14 views

GHSA-P6W9-R443-R752 Shopware vulnerable to blind SQL-injection in DAL aggregations

Impact The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations” object. The ‘name’ field in this...

CVSS 7.3, AI score 8.4, EPSS 0.00817
Exploits: 0, References: 7

Github Security Blog
added 2024/08/08 2:53 p.m., 15 views

Shopware vulnerable to blind SQL-injection in DAL aggregations

Impact The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations” object. The ‘name’ field in this...

CVSS 9.8, AI score 7, EPSS 0.00817
Exploits: 0, References: 7, Affected Software: 2

Cvelist
added 2024/07/26 2:0 a.m., 19 views

CVE-2024-7115 MD-MAFUJUL-HASAN Online-Payroll-Management-System designation_viewmore.php sql injection

A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. It has been declared as critical. This vulnerability affects unknown code of the file /designation_viewmore.php. The manipulation of the argument id leads to sql injection. The attack can be initiated...

CVSS 6.5, EPSS 0.00097
Exploits: 1, References: 4

Cvelist
added 2024/07/22 10:11 a.m., 20 views

CVE-2024-38692 WordPress spiffy-calendar plugin <= 4.9.11 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection. This issue affects Spiffy Calendar: from n/a through 4.9.11...

CVSS 7.6, EPSS 0.05316
Exploits: 0, References: 1

NVD
added 2024/07/11 5:15 a.m., 27 views

CVE-2024-22280

VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database...

CVSS 8.5, EPSS 0.01466
Exploits: 0, References: 1

Cvelist
added 2024/07/11 4:39 a.m., 31 views

CVE-2024-22280 VMSA-2024-0017: VMware Aria Automation updates address SQL-injection vulnerability (CVE-2024-22280)

VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database...

CVSS 8.5, EPSS 0.01466
Exploits: 0, References: 1