Total
18998 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1135 | 1 Churchcrm | 1 Churchcrm | 2025-02-25 | 7.2 High |
| A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL query without sufficient sanitization, allowing an attacker to manipulate database queries and execute arbitrary commands, potentially leading to data exfiltration, modification, or deletion. Please note the vulnerability requires Administrator privileges. | ||||
| CVE-2023-28663 | 1 Formidablepro2pdf | 1 Formidable Pro2pdf | 2025-02-25 | 8.8 High |
| The Formidable PRO2PDF WordPress Plugin, version < 3.11, is affected by an authenticated SQL injection vulnerability in the ‘fieldmap’ parameter in the fpropdf_export_file action. | ||||
| CVE-2023-28662 | 1 Codemenschen | 1 Gift Vouchers | 2025-02-25 | 9.8 Critical |
| The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action. | ||||
| CVE-2023-28659 | 1 Plugin | 1 Waiting | 2025-02-25 | 8.8 High |
| The Waiting: One-click Countdowns WordPress Plugin, version <= 0.6.2, is affected by an authenticated SQL injection vulnerability in the pbc_down[meta][id] parameter of the pbc_save_downs action. | ||||
| CVE-2023-1153 | 1 Pacsrapor | 1 Pacsrapor | 2025-02-25 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Pacsrapor: before 1.22. | ||||
| CVE-2025-1188 | 1 Codezips | 1 Gym Management System | 2025-02-25 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/updateroutine.php. The manipulation of the argument tid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13480 | 1 Eniture | 1 Ltl Freight Quotes | 2025-02-25 | 7.5 High |
| The LTL Freight Quotes – For Customers of FedEx Freight plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-13483 | 1 Eniture | 1 Ltl Freight Quotes | 2025-02-25 | 7.5 High |
| The LTL Freight Quotes – SAIA Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 2.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-13475 | 1 Eniture | 1 Small Package Quotes | 2025-02-25 | 7.5 High |
| The Small Package Quotes – UPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 4.5.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-13533 | 1 Eniture | 1 Small Package Quotes | 2025-02-25 | 7.5 High |
| The Small Package Quotes – USPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-13491 | 1 Eniture | 1 Small Package Quotes | 2025-02-25 | 7.5 High |
| The Small Package Quotes – For Customers of FedEx plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2023-27871 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2025-02-25 | 7.5 High |
| IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613. | ||||
| CVE-2023-1578 | 1 Pimcore | 1 Pimcore | 2025-02-25 | 8.8 High |
| SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19. | ||||
| CVE-2025-0842 | 1 Needyamin | 1 Library Card System | 2025-02-25 | 7.3 High |
| A vulnerability was found in needyamin Library Card System 1.0 and classified as critical. This issue affects some unknown processing of the file admin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0880 | 1 Codezips | 1 Gym Management System | 2025-02-25 | 6.3 Medium |
| A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/updateplan.php. The manipulation of the argument planid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1183 | 1 Codezips | 1 Gym Management System | 2025-02-25 | 6.3 Medium |
| A vulnerability has been found in CodeZips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/admin/more-userprofile.php. The manipulation of the argument login_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-28660 | 1 E-dynamics | 1 Events Made Easy | 2025-02-25 | 8.8 High |
| The Events Made Easy WordPress Plugin, version <= 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'search_name' parameter in the eme_recurrences_list action. | ||||
| CVE-2023-28661 | 1 Accesspressthemes | 1 Wp Popup Banners | 2025-02-25 | 8.8 High |
| The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action. | ||||
| CVE-2024-25928 | 1 Sitepact | 1 Contact Form 7 Extension For Klaviyo | 2025-02-25 | 7.1 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sitepact.This issue affects Sitepact: from n/a through 1.0.5. | ||||
| CVE-2023-24788 | 1 Notrinos | 1 Notrinoserp | 2025-02-25 | 8.8 High |
| NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php. | ||||