CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

8.8CVSS6AI score0.00398EPSS

CVE-2019-25694

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can send crafted requests with malicious SQL payloads to extract sensitive database information or modi...

Cvelist•added 2026/04/05 8:45 p.m.•22 views

CVE-2019-25694 Kados R10 GreenBee SQL Injection via user2reset

8.8CVSS0.00398EPSS

CVE•added 2026/04/05 8:45 p.m.•16 views

CVE-2019-25692

Kados R10 GreenBee is affected by an SQL injection in the id_to_modify parameter. The vulnerability allows attackers to manipulate queries to extract sensitive data or modify data. The issue is described across multiple sources (NVD, EUVD, CIRCL, CVE lists, and vendor advisories). No explicit rem...

9.1CVSS6AI score0.00311EPSS

Exploits1References4Affected Software1

CVE-2019-25692

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'idtomodify' parameter. Attackers can send crafted requests with malicious SQL statements in the idtomodify field to extract sensitive database...

CVE-2019-25690

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mngprofileid parameter. Attackers can send crafted requests with malicious SQL payloads in the mngprofileid parameter to extract sensitive database...

Vulnrichment•added 2026/04/05 8:45 p.m.•0 views

CVE-2019-25690 Kados R10 GreenBee SQL Injection via mng_profile_id

Cvelist•added 2026/04/05 8:45 p.m.•17 views

CVE-2019-25690 Kados R10 GreenBee SQL Injection via mng_profile_id

8.8CVSS0.00311EPSS

CVE•added 2026/04/05 8:45 p.m.•6 views

CVE-2019-25690

Kados R10 GreenBee is affected by an SQL injection vulnerability exposed via the mng_profile_id parameter. The issue allows an attacker to manipulate database queries and potentially extract sensitive data. Root cause is an injection flaw in the handling of mng_profile_id (network-accessible, low...

Exploits1References4Affected Software1

Cvelist•added 2026/04/05 8:45 p.m.•18 views

CVE-2019-25688 Kados R10 GreenBee SQL Injection via menu_lev1 Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menulev1 parameter. Attackers can send crafted requests with malicious SQL payloads in the menulev1 parameter to extract sensitive...

8.8CVSS0.00338EPSS

Vulnrichment•added 2026/04/05 8:45 p.m.•3 views

CVE-2019-25684 OpenDocMan 1.3.4 SQL Injection via where Parameter

OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitiv...

8.8CVSS6AI score0.00327EPSS

Cvelist•added 2026/04/05 8:45 p.m.•21 views

CVE-2019-25684 OpenDocMan 1.3.4 SQL Injection via where Parameter

8.8CVSS0.00327EPSS

ATTACKERKB•added 2026/04/05 8:45 p.m.•2 views

CVE-2019-25680

Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract...

8.8CVSS6.2AI score0.00397EPSS

Vulnrichment•added 2026/04/05 8:45 p.m.•3 views

CVE-2019-25680 Advance Gift Shop Pro Script 2.0.3 SQL Injection via search

8.8CVSS6.2AI score0.00397EPSS

CVE•added 2026/04/05 8:45 p.m.•8 views

CVE-2019-25680

CVE-2019-25680 corresponds to an SQL injection in Advance Gift Shop Pro Script 2.0.3. The vulnerability is triggered via the search parameter (the 's' field) and allows unauthenticated attackers to submit crafted payloads to extract sensitive data from the database (e.g., version details and othe...

9.8CVSS6.2AI score0.00397EPSS

CVE•added 2026/04/05 8:45 p.m.•7 views

CVE-2019-25678

CVE-2019-25678 affects C4G Basic Laboratory Information System 3.4 via SQL injection in the site parameter, exploitable through GET requests to users_select.php. The underlying issue allows unauthenticated attackers to execute arbitrary SQL commands and exfiltrate sensitive data such as patient r...

8.8CVSS6.2AI score0.00272EPSS

Exploits1References2Affected Software1

8.8CVSS6.2AI score0.00272EPSS

CVE-2019-25678

C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the usersselect.php endpoint with crafted S...

Exploits1References2Affected Software1

8.8CVSS6.2AI score0.00465EPSS

CVE-2019-25676

Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code through the view...

Cvelist•added 2026/04/05 8:45 p.m.•19 views

CVE-2019-25676 Ask Expert Script 3.0.5 Cross Site Scripting SQL Injection

8.8CVSS0.00465EPSS

CVE•added 2026/04/05 8:45 p.m.•6 views

CVE-2019-25672

PilusCart 1.4.1 is affected by a SQL injection in the send parameter. Unauthenticated attackers can craft POST requests to the comment submission endpoint using RLIKE-based boolean SQL payloads to extract data from the database. The available sources confirm the vulnerability and affected version...

8.8CVSS6.1AI score0.00377EPSS