Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44004 | 1 Wptaskforce | 1 Track \& Trace | 2024-09-24 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection.This issue affects WPCargo Track & Trace: from n/a through 7.0.6.
|
|||||
| CVE-2024-8146 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2024-09-24 | 6.5 MEDIUM | 9.8 CRITICAL |
|
A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-43978 | 1 Superstorefinder | 1 Super Store Finder | 2024-09-24 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a before 6.9.8.
|
|||||
| CVE-2024-43976 | 1 Superstorefinder | 1 Super Store Finder | 2024-09-24 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a through 6.9.7.
|
|||||
| CVE-2022-25775 | 1 Acquia | 1 Mautic | 2024-09-23 | N/A | 7.2 HIGH |
|
Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.
The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.
|
|||||
| CVE-2024-6401 | 1 Sfs | 1 Insuree Gl | 2024-09-20 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection.This issue affects InsureE GL: before 4.6.2.
|
|||||
| CVE-2024-6795 | 1 Baxter | 1 Connex Health Portal | 2024-09-20 | N/A | 9.8 CRITICAL |
|
In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database.
An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content
and/or perform administrative operations including shutting down the database.
|
|||||
| CVE-2024-43969 | 2024-09-20 | N/A | 7.6 HIGH | ||
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.12.
|
|||||
| CVE-2024-7717 | 1 Thimpress | 1 Wp Events Manager | 2024-09-20 | N/A | 8.8 HIGH |
|
The WP Events Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 2.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the databas ...
Show More |
|||||
| CVE-2024-8302 | 1 Geeeeeeeek | 1 Dingfanzu | 2024-09-19 | 6.5 MEDIUM | 9.8 CRITICAL |
|
A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ajax/chpwd.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases a ...
Show More |
|||||
| CVE-2024-43144 | 1 Stylemixthemes | 1 Cost Calculator Builder | 2024-09-19 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15.
|
|||||
| CVE-2024-43917 | 1 Templateinvaders | 1 Ti Woocommerce Wishlist | 2024-09-19 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2.
|
|||||
| CVE-2024-8395 | 1 Flycass | 1 Flycass | 2024-09-19 | N/A | 9.8 CRITICAL |
|
FlyCASS CASS and KCM systems did not correctly filter SQL queries, which
made them vulnerable to attack by outside attackers with no
authentication.
|
|||||
| CVE-2024-6204 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-09-19 | N/A | 8.1 HIGH |
|
Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module.
|
|||||
| CVE-2024-8335 | 1 Openrapid | 1 Rapidcms | 2024-09-19 | 6.5 MEDIUM | 9.8 CRITICAL |
|
A vulnerability classified as critical has been found in OpenRapid RapidCMS up to 1.3.1. Affected is an unknown function of the file /resource/runlogon.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-5546 | 1 Zohocorp | 2 Manageengine Pam360, Manageengine Password Manager Pro | 2024-09-19 | N/A | 8.8 HIGH |
|
Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option.
|
|||||
| CVE-2024-8784 | 1 Qdocs | 1 Smart School | 2024-09-19 | 6.5 MEDIUM | 8.8 HIGH |
|
A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0. Affected by this vulnerability is an unknown functionality of the file /user/chat/mynewuser of the component Chat. The manipulation of the argument users[] with the input 1'+AND+(SELECT+3220+FROM+(SELECT(SLEEP(5)))ZNun)+AND+'WwBM'%3d'WwBM as part of POST Request Parameter leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgradin ...
Show More |
|||||
| CVE-2024-44430 | 1 Mayurik | 1 Best Free Law Office Management | 2024-09-19 | N/A | 9.8 CRITICAL |
|
SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface
|
|||||
| CVE-2024-34334 | 1 Ordat | 1 Ordat.erp | 2024-09-18 | N/A | 7.5 HIGH |
|
ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function.
|
|||||
| CVE-2024-8749 | 1 I-doit | 1 I-doit | 2024-09-18 | N/A | 7.5 HIGH |
|
SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php and retrieve all the information stored in the database.
|
|||||
| CVE-2024-27112 | 1 Soplanning | 1 Soplanning | 2024-09-18 | N/A | 9.8 CRITICAL |
|
A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02.
|
|||||
| CVE-2024-8611 | 1 Angeljudesuarez | 1 Tailoring Management System | 2024-09-18 | 6.5 MEDIUM | 9.8 CRITICAL |
|
A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file ssms.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-6919 | 1 Nac | 1 Nacpremium | 2024-09-17 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection.This issue affects NACPremium: through 01082024.
|
|||||
| CVE-2024-8868 | 1 Code-projects | 1 Crud Operation System | 2024-09-17 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability was found in code-projects Crud Operation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file savedata.php. The manipulation of the argument sname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-8568 | 1 Project Team | 1 Tmall Demo | 2024-09-16 | 6.5 MEDIUM | 9.8 CRITICAL |
|
A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-8762 | 1 Code-projects | 1 Crud Operation System | 2024-09-14 | 6.5 MEDIUM | 9.8 CRITICAL |
|
A vulnerability was found in code-projects Crud Operation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatedata.php. The manipulation of the argument sid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-43132 | 1 Wpwebelite | 1 Docket | 2024-09-13 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) allows SQL Injection.This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0.
|
|||||
| CVE-2024-39658 | 1 Salonbookingsystem | 1 Salon Booking System | 2024-09-13 | N/A | 7.2 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking system allows SQL Injection.This issue affects Salon booking system: from n/a through 10.7.
|
|||||
| CVE-2024-39653 | 1 E4jconnect | 1 Vikrentcar | 2024-09-13 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E4J s.R.L. VikRentCar allows SQL Injection.This issue affects VikRentCar: from n/a through 1.4.0.
|
|||||
| CVE-2024-39638 | 1 Roundupwp | 1 Registrations For The Events Calendar | 2024-09-13 | N/A | 8.8 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roundup WP Registrations for the Events Calendar allows SQL Injection.This issue affects Registrations for the Events Calendar: from n/a through 2.12.2.
|
|||||
| CVE-2024-38793 | 1 Pricelisto | 1 Great Restaurant Menu Wp | 2024-09-13 | N/A | 8.8 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PriceListo Best Restaurant Menu by PriceListo allows SQL Injection.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.1.
|
|||||
| CVE-2024-38693 | 1 Wedevs | 1 Wp User Frontend | 2024-09-13 | N/A | 7.2 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7.
|
|||||
| CVE-2024-45059 | 1 Portabilis | 1 I-educar | 2024-09-13 | N/A | 8.8 HIGH |
|
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates the query by concatenating the unsanitized GET parameter `cod_func`, allowing the attacker to obtain sensitive information such as emails and password hashes. Commit 7824b95745fa2da6476b9901041d9c854bf52ffe fixes the issu ...
Show More |
|||||
| CVE-2024-8709 | 1 Mayurik | 1 Best House Rental Management System | 2024-09-13 | 6.5 MEDIUM | 8.8 HIGH |
|
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is the function delete_user/save_user of the file /admin_class.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-8710 | 1 Code-projects | 1 Inventory Management | 2024-09-13 | 6.5 MEDIUM | 8.8 HIGH |
|
A vulnerability classified as critical was found in code-projects Inventory Management 1.0. Affected by this vulnerability is an unknown functionality of the file /model/viewProduct.php of the component Products Table Page. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-8522 | 1 Thimpress | 1 Learnpress | 2024-09-13 | N/A | 7.5 HIGH |
|
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive ...
Show More |
|||||
| CVE-2024-8529 | 1 Thimpress | 1 Learnpress | 2024-09-13 | N/A | 7.5 HIGH |
|
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensiti ...
Show More |
|||||
| CVE-2024-43966 | 1 Starkdigital | 1 Wp Testimonial Widget | 2024-09-13 | N/A | 7.2 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stark Digital WP Testimonial Widget.This issue affects WP Testimonial Widget: from n/a through 3.1.
|
|||||
| CVE-2023-41884 | 1 Zoneminder | 1 Zoneminder | 2024-09-13 | N/A | 6.5 MEDIUM |
|
ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34.
|
|||||
| CVE-2024-34785 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
|
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
|||||