Export limit exceeded: 17908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (17908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8336 | 2 Oretnom23, Sourcecodester | 2 Music Gallery Site, Music Gallery Site | 2024-09-04 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. Affected by this vulnerability is an unknown functionality of the file /php-music/classes/Master.php?f=delete_music. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-41372 | 2 Causefx, Organizr | 2 Organizr, Organizr | 2024-09-04 | 9.8 Critical |
| Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php. | ||||
| CVE-2024-41370 | 2 Causefx, Organizr | 2 Organizr, Organizr | 2024-09-04 | 9.8 Critical |
| Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php. | ||||
| CVE-2024-44921 | 1 Seacms | 1 Seacms | 2024-09-04 | 9.8 Critical |
| SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del. | ||||
| CVE-2024-6672 | 1 Progress | 2 Whatsup Gold, Whatsupgold | 2024-09-04 | 8.8 High |
| In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password. | ||||
| CVE-2024-43941 | 1 Propovoice | 2 Propovoice, Propovoice Pro | 2024-09-04 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Propovoice Propovoice Pro allows SQL Injection.This issue affects Propovoice Pro: from n/a through 1.7.0.3. | ||||
| CVE-2024-43776 | 2 Easytest, Huaju | 2 Easytest Online Test Platform, Easytest Online Learning Test Platform | 2024-09-04 | 8.8 High |
| SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the qlevel parameter. | ||||
| CVE-2024-43775 | 2 Easytest, Huaju | 2 Easytest Online Test Platform, Easytest Online Learning Test Platform | 2024-09-04 | 8.8 High |
| SQL Injection in search course titles function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the search parameter. | ||||
| CVE-2024-43774 | 2 Easytest, Huaju | 2 Easytest Online Test Platform, Easytest Online Learning Test Platform | 2024-09-04 | 8.8 High |
| SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the uid parameter. | ||||
| CVE-2024-43773 | 2 Easytest, Huaju | 2 Easytest Online Test Platform, Easytest Online Learning Test Platform | 2024-09-04 | 9.8 Critical |
| SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the cstr parameter. | ||||
| CVE-2024-43772 | 2 Easytest, Huaju | 2 Easytest Online Test Platform, Easytest Online Learning Test Platform | 2024-09-04 | 9.8 Critical |
| SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter. | ||||
| CVE-2024-8344 | 1 Campcodes | 1 Supplier Management System | 2024-09-03 | 6.3 Medium |
| A vulnerability has been found in Campcodes Supplier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_area.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7936 | 2 Itsourcecode, Project Expense Monitoring System Project | 2 Project Expense Monitoring System, Project Expense Monitoring System | 2024-09-03 | 6.3 Medium |
| A vulnerability classified as critical has been found in itsourcecode Project Expense Monitoring System 1.0. This affects an unknown part of the file transferred_report.php. The manipulation of the argument start/end/employee leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7937 | 2 Itsourcecode, Project Expense Monitoring System Project | 2 Project Expense Monitoring System, Project Expense Monitoring System | 2024-09-03 | 6.3 Medium |
| A vulnerability classified as critical was found in itsourcecode Project Expense Monitoring System 1.0. This vulnerability affects unknown code of the file printtransfer.php. The manipulation of the argument transfer_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-42568 | 1 Arajajyothibabu | 1 School Management System | 2024-09-03 | 9.8 Critical |
| School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php. | ||||
| CVE-2024-7798 | 2 Oretnom23, Sourcecodester | 2 Simple Online Bidding System, Simple Online Bidding System | 2024-09-03 | 7.3 High |
| A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login2. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7853 | 2 Oretnom23, Sourcecodester | 2 Yoga Class Registration System, Yoga Class Registration System | 2024-09-03 | 6.3 Medium |
| A vulnerability was found in SourceCodester Yoga Class Registration System up to 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=categories/view_category. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-45622 | 1 Asis | 1 Asis | 2024-09-03 | 9.8 Critical |
| ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass. | ||||
| CVE-2024-42361 | 1 Apache | 1 Hertzbeat | 2024-09-03 | 7.5 High |
| Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection. | ||||
| CVE-2024-8331 | 1 Openrapid | 1 Rapidcms | 2024-09-03 | 6.3 Medium |
| A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been classified as critical. This affects an unknown part of the file /admin/user/user-move-run.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||