Vulnerabilities (CVE)

Filtered by CWE-89
Total 12380 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-8868 1 Code-projects 1 Crud Operation System 2024-09-17 7.5 HIGH 9.8 CRITICAL
A vulnerability was found in code-projects Crud Operation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file savedata.php. The manipulation of the argument sname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-2177 1 Kayrasoft 1 Kayrasoft 2024-09-17 N/A 9.4 CRITICAL
Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.
CVE-2021-3958 1 Ipack 1 Scada Automation 2024-09-17 7.5 HIGH 9.8 CRITICAL
Improper Handling of Parameters vulnerability in Ipack Automation Systems Ipack SCADA Software allows : Blind SQL Injection.This issue affects Ipack SCADA Software: from unspecified before 1.1.0.
CVE-2023-47990 1 Cuppacms 1 Cuppacms 2024-09-17 N/A 9.8 CRITICAL
SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter.
CVE-2022-2807 1 Algan 1 Prens Student Information System 2024-09-17 N/A 9.8 CRITICAL
SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection.This issue affects Prens Student Information System: before 2.1.11.
CVE-2022-0495 1 Parantezteknoloji 1 Koha Library Automation 2024-09-17 N/A 9.4 CRITICAL
The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.
CVE-2024-6670 1 Progress 1 Whatsup Gold 2024-09-17 N/A 9.8 CRITICAL
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
CVE-2022-1277 1 Inavitas 1 Solar Log 2024-09-17 N/A 9.4 CRITICAL
Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability.
CVE-2020-3936 1 Unisoon 2 Ultralog Express, Ultralog Express Firmware 2024-09-16 7.5 HIGH 9.8 CRITICAL
UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command.
CVE-2022-36961 1 Solarwinds 1 Orion Platform 2024-09-16 N/A 8.8 HIGH
A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.
CVE-2022-2315 1 Databank 1 Accreditation Tracking\/presentation Module 2024-09-16 N/A 9.4 CRITICAL
Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.
CVE-2021-35234 1 Solarwinds 1 Orion Platform 2024-09-16 6.5 MEDIUM 8.8 HIGH
Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information.
CVE-2024-7732 1 Secom 1 Dr.id Attendance System 2024-09-16 N/A 9.8 CRITICAL
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.
CVE-2024-6401 2024-09-16 N/A N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection.This issue affects InsureE GL: before 4.6.2.
CVE-2024-8568 1 Project Team 1 Tmall Demo 2024-09-16 6.5 MEDIUM 9.8 CRITICAL
A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-30922 2024-09-15 N/A 9.8 CRITICAL
SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering.
CVE-2024-8762 1 Code-projects 1 Crud Operation System 2024-09-14 6.5 MEDIUM 9.8 CRITICAL
A vulnerability was found in code-projects Crud Operation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatedata.php. The manipulation of the argument sid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-8784 2024-09-14 6.5 MEDIUM 6.3 MEDIUM
A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0. Affected by this vulnerability is an unknown functionality of the file /user/chat/mynewuser of the component Chat. The manipulation of the argument users[] with the input 1'+AND+(SELECT+3220+FROM+(SELECT(SLEEP(5)))ZNun)+AND+'WwBM'%3d'WwBM as part of POST Request Parameter leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.1 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2024-8669 2024-09-14 N/A 9.1 CRITICAL
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuply_wp_clone_sql() function in all versions up to, and including, 1.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2024-43132 1 Wpwebelite 1 Docket 2024-09-13 N/A 9.8 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) allows SQL Injection.This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0.