Security Vulnerabilities, CVEs (SQL injection), CVSS score >= 9
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Realtyna Realtyna Organic IDX plugin. This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.4.
Max CVSS: 9.3 | EPSS Score: 0.04% | Published: 2024-04-15 | Updated: 2024-04-15
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine. This issue affects WP Travel Engine: from n/a through 5.7.9.
Max CVSS: 9.3 | EPSS Score: 0.04% | Published: 2024-03-29 | Updated: 2024-04-01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms. This issue affects CRM Perks Forms: from n/a through 1.1.4.
Max CVSS: 9.3 | EPSS Score: 0.04% | Published: 2024-03-29 | Updated: 2024-04-01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8.
Max CVSS: 9.3 | EPSS Score: 0.04% | Published: 2024-03-29 | Updated: 2024-04-01
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/empscreening/add, 'agencyids' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
A SQL injection has been found in the SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information in the database. It was found on the login page via the "user" parameter.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0.
Max CVSS: 9.9 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-03-06 | Updated: 2024-03-06
parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20.
Max CVSS: 10.0 | EPSS Score: 0.05% | Published: 2024-03-01 | Updated: 2024-03-01
EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database records.
Max CVSS: 9.8 | EPSS Score: 0.09% | Published: 2024-02-15 | Updated: 2024-02-15
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash – custom post order. This issue affects postMash – custom post order: from n/a through 1.2.0.
Max CVSS: 9.3 | EPSS Score: 0.04% | Published: 2024-02-28 | Updated: 2024-02-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-02-28 | Updated: 2024-02-28
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2.
Max CVSS: 9.8 | EPSS Score: 0.11% | Published: 2024-02-09 | Updated: 2024-02-12
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2.
Max CVSS: 9.8 | EPSS Score: 0.11% | Published: 2024-02-09 | Updated: 2024-02-12
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2.
Max CVSS: 9.8 | EPSS Score: 0.11% | Published: 2024-02-09 | Updated: 2024-02-12
Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1".
Max CVSS: 9.8 | EPSS Score: 0.11% | Published: 2024-02-09 | Updated: 2024-02-12
Sourcecodester Event Student Attendance System 1.0 allows SQL Injection via the 'student' parameter.
Max CVSS: 9.8 | EPSS Score: 0.11% | Published: 2024-02-09 | Updated: 2024-02-22
Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php.
Max CVSS: 9.8 | EPSS Score: 0.11% | Published: 2024-02-14 | Updated: 2024-02-16
Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php.
Max CVSS: 9.8 | EPSS Score: 0.11% | Published: 2024-02-14 | Updated: 2024-02-16
4130 vulnerabilities found