Total: 18012 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-36678 | 1 Promokit | 1 Pk Themesettings | 2024-11-21 | N/A | 9.8 CRITICAL | In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection. |
| CVE-2024-36673 | 1 Pharmacy/medical Store Point Of Sale System Project | 1 Pharmacy/medical Store Point Of Sale System | 2024-11-21 | N/A | 9.8 CRITICAL | Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable to SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries. |
| CVE-2024-36412 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 10.0 CRITICAL | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2024-36411 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 9.6 CRITICAL | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2024-36410 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 9.6 CRITICAL | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2024-36409 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 9.6 CRITICAL | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2024-36408 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 9.6 CRITICAL | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2024-36393 | 1 Sysaid | 1 Sysaid | 2024-11-21 | N/A | 9.9 CRITICAL | SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| CVE-2024-36082 | 1 Codepeople | 1 Music Store | 2024-11-21 | N/A | 6.5 MEDIUM | SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker. |
| CVE-2024-35750 | 1 Wpdevart | 1 Gallery | 2024-11-21 | N/A | 8.5 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album. This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. |
| CVE-2024-35736 | 1 Themeisle | 1 Visualizer | 2024-11-21 | N/A | 8.5 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Visualizer. This issue affects Visualizer: from n/a through 3.11.1. |
| CVE-2024-35630 | | | 2024-11-21 | N/A | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LJ Apps WP TripAdvisor Review Slider allows Blind SQL Injection. This issue affects WP TripAdvisor Review Slider: from n/a through 12.6. |
| CVE-2024-35563 | | | 2024-11-21 | N/A | 9.8 CRITICAL | CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId parameter in CDGTempPermissions. |
| CVE-2024-35548 | | | 2024-11-21 | N/A | 5.4 MEDIUM | A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection. |
| CVE-2024-35361 | | | 2024-11-21 | N/A | 9.8 CRITICAL | MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. An attacker can execute arbitrary SQL statements through this vulnerability without requiring any user rights. |
| CVE-2024-35359 | 1 Dino Physics School Assistant Project | 1 Dino Physics School Assistant | 2024-11-21 | N/A | 9.8 CRITICAL | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /classes/Master.php?f=view_item. Manipulating the argument id can result in SQL injection. |
| CVE-2024-35349 | 1 Dino Physics School Assistant Project | 1 Dino Physics School Assistant | 2024-11-21 | N/A | 9.8 CRITICAL | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /admin/category/view_category.php. Manipulating the argument id can result in SQL injection. |
| CVE-2024-34994 | | | 2024-11-21 | N/A | 9.8 CRITICAL | In the module "Channable" (channable) up to version 3.2.1 from Channable for PrestaShop, a guest can perform SQL injection via `ChannableFeedModuleFrontController::postProcess()`. |
| CVE-2024-34993 | | | 2024-11-21 | N/A | 6.3 MEDIUM | In the module "Bulk Export products to Google Merchant-Google Shopping" (bagoogleshopping) up to version 1.0.26 from Buy Addons for PrestaShop, a guest can perform SQL injection via `GenerateCategories::renderCategories()`. |
| CVE-2024-34992 | | | 2024-11-21 | N/A | 8.8 HIGH | SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via `Tickets::getsearchedtickets()`. |
| CVE-2024-34989 | | | 2024-11-21 | N/A | 9.8 CRITICAL | In the module "RSI PDF/HTML catalog evolution" (prestapdf) <= 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via `PrestaPDFProductListModuleFrontController::queryDb()`. |
| CVE-2024-34988 | | | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) <= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods `AskforaquotemodulcustomernewquoteModuleFrontController::run()`, `AskforaquotemoduladdproductnewquoteModuleFrontController::run()`, `AskforaquotemodulCouponcodeModuleFrontController::run()`, `AskforaquotemodulgetshippingcostModuleFrontController::run()`, As ... |
| CVE-2024-34534 | | | 2024-11-21 | N/A | 7.3 HIGH | A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model. |
| CVE-2024-34533 | | | 2024-11-21 | N/A | 7.3 HIGH | A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::query_execute. |
| CVE-2024-34532 | | | 2024-11-21 | N/A | 9.8 CRITICAL | A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query. |
| CVE-2024-34412 | | | 2024-11-21 | N/A | 8.5 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Parcel Panel ParcelPanel. This issue affects ParcelPanel: from n/a through 3.8.1. |
| CVE-2024-34386 | | | 2024-11-21 | N/A | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links. This issue affects Auto Affiliate Links: from n/a through 6.4.3.1. |
| CVE-2024-34310 | | | 2024-11-21 | N/A | 8.8 HIGH | Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter. |
| CVE-2024-33787 | | | 2024-11-21 | N/A | 8.2 HIGH | Hengan Weighing Management Information Query Platform 2019-2021 53.25 was discovered to contain a SQL injection vulnerability via the tuser_Number parameter at search_user.aspx. |
| CVE-2024-33559 | | | 2024-11-21 | N/A | 9.3 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection. This issue affects XStore: from n/a through 9.3.5. |
| CVE-2024-33546 | | | 2024-11-21 | N/A | 9.6 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection. This issue affects WZone: from n/a through 14.0.10. |
| CVE-2024-33544 | | | 2024-11-21 | N/A | 9.3 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection. This issue affects WZone: from n/a through 14.0.10. |
| CVE-2024-33292 | | | 2024-11-21 | N/A | 8.2 HIGH | SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote attacker to obtain sensitive information via the id parameter. |
| CVE-2024-33276 | | | 2024-11-21 | N/A | 9.8 CRITICAL | SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes() method. |
| CVE-2024-33275 | | | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components. |
| CVE-2024-33273 | | | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function. |
| CVE-2024-33272 | | | 2024-11-21 | N/A | 6.8 MEDIUM | SQL injection vulnerability in KnowBand for PrestaShop autosuggest before 2.0.0 allows an attacker to run arbitrary SQL commands via the AutosuggestSearchModuleFrontController::initContent() and AutosuggestSearchModuleFrontController::getKbProducts() components. |
| CVE-2024-33269 | | | 2024-11-21 | N/A | 9.8 CRITICAL | SQL Injection vulnerability in Prestaddons flashsales 1.9.7 and before allows an attacker to run arbitrary SQL commands via the FsModel::getFlashSales method. |
| CVE-2024-33268 | | | 2024-11-21 | N/A | 9.8 CRITICAL | SQL Injection vulnerability in Digincube mdgiftproduct before 1.4.1 allows an attacker to run arbitrary SQL commands via the MdGiftRule::addGiftToCart method. |
| CVE-2024-33267 | | | 2024-11-21 | N/A | 9.8 CRITICAL | SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function. |