Search Results (19456 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-20247 | 2 Apptha, Wordpress | 2 Pica Photo Gallery, Wordpress | 2026-06-09 | 8.2 High |
| WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract sensitive database information including user credentials and table contents. | ||||
| CVE-2017-20249 | 2 Apptha, Wordpress | 2 Apptha Slider Gallery, Wordpress | 2026-06-09 | 8.2 High |
| Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive database information including user credentials and authentication hashes. | ||||
| CVE-2026-7486 | 1 Netcad | 1 E-imar | 2026-06-09 | 9.8 Critical |
| Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Netcad Software Inc. E-İmar allows SQL Injection. This issue affects E-İmar: from 2.10.1.0 before 3.0.2. | ||||
| CVE-2026-8025 | 1 Mosk | 1 Cbs Platform | 2026-06-09 | 9.8 Critical |
| Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Platform: through 09062026. NOTE: The vendor was contacted and it was learned that the product is not supported. | ||||
| CVE-2017-20245 | 2 Wordpress, Wow-company | 2 Wordpress, Viral-signup | 2026-06-09 | 8.2 High |
| Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payloads in the 'idsignup' parameter to read arbitrary data from the database. | ||||
| CVE-2026-11559 | 1 Codeastro | 1 Payroll System | 2026-06-09 | 6.3 Medium |
| A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of the file /view_account.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. | ||||
| CVE-2026-11472 | 1 Sourcecodester | 1 Class And Exam Timetabling System | 2026-06-09 | 7.3 High |
| A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /index1.php. This manipulation of the argument Password causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-11583 | 1 Codeastro | 1 Student Attendance Management System | 2026-06-09 | 6.3 Medium |
| A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-11531 | 1 Imvks786 | 1 Student Management System | 2026-06-09 | 7.3 High |
| A security flaw has been discovered in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin_login.php of the component Administrator Login Endpoint. Performing a manipulation of the argument a_usr/a_pwd results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-10874 | 1 Projectworlds | 2 Online Art Gallery Shop, Online Art Gallery Shop Project | 2026-06-09 | 6.3 Medium |
| A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument social_insta leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-11506 | 1 Codeastro | 1 Leave Management System | 2026-06-09 | 6.3 Medium |
| A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search_staff_for_deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-11513 | 1 Itsourcecode | 1 Hospital Management System | 2026-06-09 | 6.3 Medium |
| A vulnerability was detected in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminaccount.php. The manipulation of the argument Date results in sql injection. The attack can be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2026-11508 | 1 Codeastro | 1 Leave Management System | 2026-06-09 | 6.3 Medium |
| A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search_staff_to_assign_pc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-11584 | 1 Codeastro | 1 Student Attendance Management System | 2026-06-09 | 6.3 Medium |
| A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-11483 | 1 Sourcecodester | 1 Class And Exam Timetabling System | 2026-06-09 | 7.3 High |
| A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /archive4.php. The manipulation of the argument sy results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-11490 | 1 Code-projects | 1 Online Music Site | 2026-06-09 | 7.3 High |
| A vulnerability was determined in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Frontend/Search.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-11485 | 1 Sourcecodester | 1 Class And Exam Timetabling System | 2026-06-09 | 7.3 High |
| A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive2.php. Such manipulation of the argument sy leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2017-20244 | 2 Wordpress, Wow-company | 2 Wordpress, Wow Forms | 2026-06-09 | 8.2 High |
| Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php endpoint with the 'send_mwp_form' action to extract sensitive database contents. | ||||
| CVE-2026-49741 | 1 Typo3 | 1 Typo3 | 2026-06-09 | N/A |
| Backend users with write access to the form_definition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations, re-enabling attack vectors originally addressed in TYPO3-CORE-SA-2018-003, including SQL injection and privilege escalation. This issue affects TYPO3 CMS versions 14.0.0-14.3.3. | ||||
| CVE-2026-11585 | 1 Codeastro | 1 Student Attendance Management System | 2026-06-09 | 6.3 Medium |
| A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||