Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): sql injection
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-35350 |
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /admin/?page=borrow/view_borrow. Manipulating the argument id can result in SQL injection. Published: May 30, 2024; 1:15:33 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-35349 |
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /admin/category/view_category.php. Manipulating the argument id can result in SQL injection. Published: May 30, 2024; 1:15:33 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-5519 |
A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266590 is the identifier assigned to this vulnerability. Published: May 30, 2024; 12:15:19 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-35358 |
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=view_category. Manipulating the argument id can result in SQL injection. Published: May 30, 2024; 12:15:10 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-35357 |
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=delete_item. Manipulating the argument id can result in SQL injection. Published: May 30, 2024; 12:15:10 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-35356 |
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=save_item. Manipulating the argument id can result in SQL injection. Published: May 30, 2024; 12:15:10 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-35355 |
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=delete_category. Manipulating the argument id can result in SQL injection. Published: May 30, 2024; 12:15:10 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-35354 |
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=save_category. Manipulating the argument id can result in SQL injection. Published: May 30, 2024; 12:15:10 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-5517 |
A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file changepwd.php. The manipulation of the argument useremail leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266588. Published: May 30, 2024; 11:15:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-5516 |
A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file massage.php. The manipulation of the argument bid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266587. Published: May 30, 2024; 10:15:09 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-5515 |
A vulnerability was found in SourceCodester Stock Management System 1.0. It has been classified as critical. Affected is an unknown function of the file createBrand.php. The manipulation of the argument brandName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266586 is the identifier assigned to this vulnerability. Published: May 30, 2024; 9:15:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-1100 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection.This issue affects DIGIKENT GIS: through 2.23.5. Published: May 30, 2024; 8:15:10 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-5207 |
The POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is vulnerable to time-based SQL Injection via the selected parameter in all versions up to, and including, 2.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator access or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Published: May 30, 2024; 2:15:09 AM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2024-35548 |
A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection. Published: May 28, 2024; 5:16:31 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-35511 |
phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injection via the "username" parameter of /msms/admin/index.php. Published: May 28, 2024; 5:16:31 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-33450 |
SQL Injection in Finereport v.8.0 allows a remote attacker to obtain sensitive information Published: May 28, 2024; 3:15:10 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-33402 |
A SQL injection vulnerability in /model/approve_petty_cash.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. Published: May 28, 2024; 2:15:09 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-35563 |
CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId parameter in CDGTempPermissions. Published: May 28, 2024; 1:15:11 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-33808 |
A SQL injection vulnerability in /model/get_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. Published: May 28, 2024; 12:15:16 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-33807 |
A SQL injection vulnerability in /model/get_teacher_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter. Published: May 28, 2024; 12:15:16 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |