Total
17358 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36859 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 8.8 High |
| The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to inject SQL fragments. Successful exploitation could lead to unauthorized disclosure or modification of configuration and application data, and in some environments could allow further compromise of the application or backend database. | ||||
| CVE-2016-15050 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 8.8 High |
| Nagios XI versions prior to 5.2.4 contain a SQL injection vulnerability in the notification search functionality. User-supplied search parameters were incorporated into SQL statements without adequate parameterization or sanitation, allowing an authenticated user to manipulate database queries. Successful exploitation could disclose or modify notification data and, in some cases, impact the application database more broadly. | ||||
| CVE-2024-55016 | 1 Phpgurukul | 2 Student Management System, Student Record System | 2025-11-17 | 6.5 Medium |
| PHPGurukul Student Record Management System 3.20 is vulnerable to SQL Injection via the id and password parameters in login.php. | ||||
| CVE-2024-44630 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | 6.5 Medium |
| Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname,lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1,marks1, sub2, course-short, income, category, ph, country, state, city, padd, cadd, and gender. | ||||
| CVE-2024-44632 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | 6.5 Medium |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the id and emailid parameters in password-recovery.php. | ||||
| CVE-2024-44633 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | 6.5 Medium |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php. | ||||
| CVE-2024-13973 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-11-17 | 6.8 Medium |
| A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution. | ||||
| CVE-2025-7624 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-11-17 | 9.8 Critical |
| An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA. | ||||
| CVE-2025-1389 | 1 Learningdigital | 1 Orca Hcm | 2025-11-17 | 8.8 High |
| Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
| CVE-2025-12855 | 2 Codeprojects, Fabian | 2 Responsive Hotel Site, Responsive Hotel Site | 2025-11-17 | 4.7 Medium |
| A security flaw has been discovered in code-projects Responsive Hotel Site 1.0. This issue affects some unknown processing of the file /admin/newsletterdel.php. The manipulation of the argument eid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-12856 | 2 Codeprojects, Fabian | 2 Responsive Hotel Site, Responsive Hotel Site | 2025-11-17 | 4.7 Medium |
| A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/reservation.php. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-12857 | 2 Codeprojects, Fabian | 2 Responsive Hotel Site, Responsive Hotel Site | 2025-11-17 | 4.7 Medium |
| A security vulnerability has been detected in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/roombook.php. Such manipulation of the argument rid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-12913 | 2 Codeprojects, Fabian | 2 Responsive Hotel Site, Responsive Hotel Site | 2025-11-17 | 4.7 Medium |
| A flaw has been found in code-projects Responsive Hotel Site 1.0. This affects an unknown part of the file /admin/roomdel.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2025-12932 | 2 Janobe, Sourcecodester | 2 Baby Care System, Baby Care System | 2025-11-17 | 4.7 Medium |
| A vulnerability was determined in SourceCodester Baby Care System 1.0. Affected by this issue is some unknown functionality of the file /admin.php?id=inbox. This manipulation of the argument msgid causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-12933 | 2 Janobe, Sourcecodester | 2 Baby Care System, Baby Care System | 2025-11-17 | 6.3 Medium |
| A vulnerability was identified in SourceCodester Baby Care System 1.0. This affects an unknown part of the file /updatewelcome.php?id=siteoptions&action=welcome. Such manipulation of the argument roleid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-12938 | 1 Projectworlds | 1 Online Admission System | 2025-11-17 | 7.3 High |
| A vulnerability was identified in projectworlds Online Admission System 1.0. Affected by this vulnerability is an unknown functionality of the file /process_login.php. The manipulation of the argument keywords leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-12939 | 2 Janobe, Sourcecodester | 2 Interview Management System, Interview Management System | 2025-11-17 | 6.3 Medium |
| A security flaw has been discovered in SourceCodester Interview Management System up to 1.0. Affected by this issue is some unknown functionality of the file /addCandidate.php. The manipulation of the argument candName results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-13057 | 1 Campcodes | 1 School Fees Payment Management System | 2025-11-17 | 6.3 Medium |
| A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Impacted is an unknown function of the file /ajax.php?action=save_student. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-13059 | 2 Oretnom23, Sourcecodester | 2 Alumni Management System, Alumni Management System | 2025-11-17 | 6.3 Medium |
| A weakness has been identified in SourceCodester Alumni Management System 1.0. The impacted element is an unknown function of the file /manage_career.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-13060 | 2 Oretnom23, Sourcecodester | 2 Survey Application System, Survey Application System | 2025-11-17 | 7.3 High |
| A security vulnerability has been detected in SourceCodester Survey Application System 1.0. This affects an unknown function of the file /view_survey.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | ||||