Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-89
Total 9311 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-24643 1 Judging Management System Project 1 Judging Management System 2023-03-09 N/A 9.8 CRITICAL
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php.
CVE-2014-125091 1 Codepeople 1 Polls Cp 2023-03-09 N/A 9.8 CRITICAL
A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 6d7168cbf12d1c183bacc5cd5678f6f5b0d518d2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222268.
CVE-2008-10003 1 Flashgames Project 1 Flashgames 2023-03-09 N/A 9.8 CRITICAL
A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sql injection. It is possible to launch the attack remotely. The name of the patch is 6e57683704885be32eea2ea614f80c9bb8f012c5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222288.
CVE-2021-4328 1 Lionfish Cms Project 1 Lionfish Cms 2023-03-09 N/A 9.8 CRITICAL
A vulnerability has been found in ???CMS and classified as critical. Affected by this vulnerability is the function goods_detail of the file ApiController.class.php. The manipulation of the argument goods_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222223.
CVE-2023-24258 1 Spip 1 Spip 2023-03-09 N/A 9.8 CRITICAL
SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.
CVE-2023-23155 1 Art Gallery Management System Project 1 Art Gallery Management System 2023-03-09 N/A 9.8 CRITICAL
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the username parameter in the Admin Login.
CVE-2015-10086 1 Server-php Project 1 Server-php 2023-03-08 N/A 9.8 CRITICAL
A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is fa0d9bcf81c711a88172ad0d37a842f029ac3782. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221808.
CVE-2022-3792 1 Gullseye 1 Gullseye Terminal Operating System 2023-03-08 N/A 9.8 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GullsEye GullsEye terminal operating system allows SQL Injection.This issue affects GullsEye terminal operating system: from unspecified before 5.0.13.
CVE-2022-4422 1 Bulutses 1 Bulutdesk Callcenter 2023-03-08 N/A 9.8 CRITICAL
Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthenticated Sql Injection vulnerability. This has been fixed in the version 3.0
CVE-2022-1531 1 Rtx Project 1 Rtx 2023-03-07 10.0 HIGH 9.8 CRITICAL
SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 . This vulnerability is critical as it can lead to remote code execution and thus complete server takeover.
CVE-2022-4566 1 Ruoyi 1 Ruoyi 2023-03-07 N/A 9.8 CRITICAL
A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com/ruoyi/generator/controller/GenController. The manipulation leads to sql injection. The name of the patch is 167970e5c4da7bb46217f576dc50622b83f32b40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215975.
CVE-2023-24253 1 Domoticalabs 1 Ikon Server 2023-03-07 N/A 9.8 CRITICAL
Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain a SQL injection vulnerability.
CVE-2023-26032 1 Zoneminder 1 Zoneminder 2023-03-07 N/A 8.1 HIGH
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL query to load the user. If an attacker could determine the HASH key used by ZoneMinder, they could generate a malicious JWT token and use it to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33.
CVE-2023-26034 1 Zoneminder 1 Zoneminder 2023-03-07 N/A 8.8 HIGH
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within the `filter[Query][terms][0][attr]` query string parameter of the `/zm/index.php` endpoint. A user with the View or Edit permissions of Events may execute arbitrary SQL. The resulting impact can include unauthorized data access (and modification), authentication and/or authorization bypass, and remote code execution.
CVE-2023-24206 1 Davinci Project 1 Davinci 2023-03-07 N/A 9.8 CRITICAL
Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function.
CVE-2022-34909 1 Aremis 1 Aremis 4 Nomads 2023-03-07 N/A 9.1 CRITICAL
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database.
CVE-2023-26037 1 Zoneminder 1 Zoneminder 2023-03-07 N/A 9.8 CRITICAL
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33.
CVE-2023-26550 1 Bmc 1 Control-m 2023-03-07 N/A 9.8 CRITICAL
A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field.
CVE-2023-23156 1 Art Gallery Management System Project 1 Art Gallery Management System 2023-03-06 N/A 9.8 CRITICAL
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page.
CVE-2023-25432 1 Online Reviewer Management System Project 1 Online Reviewer Management System 2023-03-06 N/A 7.2 HIGH
An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer_0/admins/assessments/course/course-update.php.