Total
11922 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-34927 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in /model/update_classroom.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter. | | | | | |
CVE-2024-34534 | | | 2024-07-03 | N/A | 7.3 HIGH |
A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model. | | | | | |
CVE-2024-34533 | | | 2024-07-03 | N/A | 7.3 HIGH |
A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::query_execute. | | | | | |
CVE-2024-34532 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query. | | | | | |
CVE-2024-34472 | | | 2024-07-03 | N/A | 5.9 MEDIUM |
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database. | | | | | |
CVE-2024-34256 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function. | | | | | |
CVE-2024-34222 | | | 2024-07-03 | N/A | 5.9 MEDIUM |
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter. | | | | | |
CVE-2024-34220 | | | 2024-07-03 | N/A | 7.5 HIGH |
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter. | | | | | |
CVE-2024-33807 | | | 2024-07-03 | N/A | 5.4 MEDIUM |
A SQL injection vulnerability in /model/get_teacher_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter. | | | | | |
CVE-2024-33805 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in /model/get_student.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | | | | | |
CVE-2024-33804 | | | 2024-07-03 | N/A | 6.3 MEDIUM |
A SQL injection vulnerability in /model/get_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | | | | | |
CVE-2024-33801 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in /model/get_subject_routing.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | | | | | |
CVE-2024-33485 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in CASAP Automated Enrollment System using PHP/MySQLi with Source Code V1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the login.php component. | | | | | |
CVE-2024-33444 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component. | | | | | |
CVE-2024-33411 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the my_index parameter. | | | | | |
CVE-2024-33410 | | | 2024-07-03 | N/A | 8.1 HIGH |
SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | | | | | |
CVE-2024-33407 | | | 2024-07-03 | N/A | 5.9 MEDIUM |
SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | | | | | |
CVE-2024-33406 | | | 2024-07-03 | N/A | 7.3 HIGH |
SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter. | | | | | |
CVE-2024-33405 | | | 2024-07-03 | N/A | 8.6 HIGH |
SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the friend_index parameter. | | | | | |
CVE-2024-33404 | | | 2024-07-03 | N/A | 8.3 HIGH |
A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter. | | | | | |