Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-2074 | | | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in Mini-Tmall up to 20231017 and classified as critical. This issue affects some unknown processing of the file ?r=tmall/admin/user/1/1. The manipulation of the argument orderBy leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255389 was assigned to this vulnerability.
|
|||||
| CVE-2024-29846 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.0 HIGH |
|
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
|
|||||
| CVE-2024-29830 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.0 HIGH |
|
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
|
|||||
| CVE-2024-29829 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.0 HIGH |
|
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
|
|||||
| CVE-2024-29828 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.0 HIGH |
|
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
|
|||||
| CVE-2024-29827 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.8 HIGH |
|
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
|
|||||
| CVE-2024-29826 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.8 HIGH |
|
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
|
|||||
| CVE-2024-29825 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.8 HIGH |
|
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
|
|||||
| CVE-2024-29823 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.8 HIGH |
|
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
|
|||||
| CVE-2024-29822 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.8 HIGH |
|
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
|
|||||
| CVE-2024-29732 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information in the database. This vulnerability was found on the login page via the "user" parameter.
|
|||||
| CVE-2024-29174 | 1 Dell | 1 Data Domain Operating System | 2024-11-21 | N/A | 4.4 MEDIUM |
|
Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data.
|
|||||
| CVE-2024-29168 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data.
|
|||||
| CVE-2024-28996 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | N/A | 7.5 HIGH |
|
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability.
|
|||||
| CVE-2024-28389 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
|
SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before allows a remote attacker to gain escalated privileges and obtain sensitive information via the SpinWheelFrameSpinWheelModuleFrontController::sendEmail() method.
|
|||||
| CVE-2024-28303 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Open Source Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the date parameter at /admin/reports/index.php.
|
|||||
| CVE-2024-27718 | | | 2024-11-21 | N/A | 7.8 HIGH |
|
SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component.
|
|||||
| CVE-2024-27709 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
|
SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component.
|
|||||
| CVE-2024-27574 | | | 2024-11-21 | N/A | 9.1 CRITICAL |
|
SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 allows a remote attacker to obtain sensitive information via the informacion, idcurso, and tit parameters.
|
|||||
| CVE-2024-25927 | | | 2024-11-21 | N/A | 9.3 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash – custom post order. This issue affects postMash – custom post order: from n/a through 1.2.0.
|
|||||
| CVE-2024-25924 | | | 2024-11-21 | N/A | 7.6 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trustindex.Io WP Testimonials. This issue affects WP Testimonials: from n/a through 1.4.3.
|
|||||
| CVE-2024-25902 | | | 2024-11-21 | N/A | 7.6 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniorange Malware Scanner. This issue affects Malware Scanner: from n/a through 4.7.2.
|
|||||
| CVE-2024-25316 | 1 Hotel Management System Project | 1 Hotel Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Code-projects Hotel Management System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2.
|
|||||
| CVE-2024-25306 | 1 Code-projects | 1 Simple School Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
Code-projects Simple School Management System 1.0 allows SQL Injection via the 'aname' parameter at "School/index.php".
|
|||||
| CVE-2024-25214 | 1 Sherlock | 1 Employee Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An issue in Employee Management System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html.
|
|||||
| CVE-2024-25212 | 1 Sherlock | 1 Employee Management System | 2024-11-21 | N/A | 7.2 HIGH |
|
Employee Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php.
|
|||||
| CVE-2024-24868 | | | 2024-11-21 | N/A | 8.5 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.69.
|
|||||
| CVE-2024-24811 | 1 Zope | 1 Sqlalchemyda | 2024-11-21 | N/A | 9.8 CRITICAL |
|
SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version 2.2. There is no workaround for the problem.
|
|||||
| CVE-2024-24572 | 1 Facilemanager | 1 Facilemanager | 2024-11-21 | N/A | 6.5 MEDIUM |
|
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract() function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters. However, it does not prevent manipulation of any other sensitive variables such as $search_sql. Knowing this, an authenticated user with privileges to view site logs can manipulate the search_sql
v ...
|
|||||
| CVE-2024-24308 | 1 Boostmyshop | 1 Boostmyshop | 2024-11-21 | N/A | 9.8 CRITICAL |
|
SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php.
|
|||||
| CVE-2024-24303 | 1 Hipresta | 1 Gift Wrapping Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
|
SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote attackers to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method.
|
|||||
| CVE-2024-24213 | 1 Supabase | 1 Postgres | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically, /pg_meta/default/query is for SQL queries that are entered in an intended UI by an authorized user. Nothing is injected.
|
|||||
| CVE-2024-24141 | 1 Remyandrade | 1 School Task Manager | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter.
|
|||||
| CVE-2024-24139 | 1 Remyandrade | 1 Login System With Email Verification | 2024-11-21 | N/A | 7.2 HIGH |
|
Sourcecodester Login System with Email Verification 1.0 allows SQL Injection via the 'user' parameter.
|
|||||
| CVE-2024-24133 | 1 Atmail | 1 Atmail | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page.
|
|||||
| CVE-2024-24023 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list.
|
|||||
| CVE-2024-24017 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list.
|
|||||
| CVE-2024-24004 | 1 Jishenghua | 1 Jsherp | 2024-11-21 | N/A | 9.8 CRITICAL |
|
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() function of jshERP does not filter the `column` and `order` parameters well enough, and an attacker can construct a malicious payload to bypass jshERP's protection mechanism in the `safeSqlParse` method for SQL injection.
|
|||||
| CVE-2024-24002 | 1 Jishenghua | 1 Jsherp | 2024-11-21 | N/A | 9.8 CRITICAL |
|
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() function of jshERP does not filter the `column` and `order` parameters well enough, and an attacker can construct a malicious payload to bypass jshERP's protection mechanism in the `safeSqlParse` method for SQL injection.
|
|||||
| CVE-2024-23810 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | N/A | 8.8 HIGH |
|
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.
|
|||||