Total
12380 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-8868 | 1 Code-projects | 1 Crud Operation System | 2024-09-17 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability was found in code-projects Crud Operation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file savedata.php. The manipulation of the argument sname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-2177 | 1 Kayrasoft | 1 Kayrasoft | 2024-09-17 | N/A | 9.4 CRITICAL |
Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. | |||||
CVE-2021-3958 | 1 Ipack | 1 Scada Automation | 2024-09-17 | 7.5 HIGH | 9.8 CRITICAL |
Improper Handling of Parameters vulnerability in Ipack Automation Systems Ipack SCADA Software allows : Blind SQL Injection.This issue affects Ipack SCADA Software: from unspecified before 1.1.0. | |||||
CVE-2023-47990 | 1 Cuppacms | 1 Cuppacms | 2024-09-17 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter. | |||||
CVE-2022-2807 | 1 Algan | 1 Prens Student Information System | 2024-09-17 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection.This issue affects Prens Student Information System: before 2.1.11. | |||||
CVE-2022-0495 | 1 Parantezteknoloji | 1 Koha Library Automation | 2024-09-17 | N/A | 9.4 CRITICAL |
The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01. | |||||
CVE-2024-6670 | 1 Progress | 1 Whatsup Gold | 2024-09-17 | N/A | 9.8 CRITICAL |
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. | |||||
CVE-2022-1277 | 1 Inavitas | 1 Solar Log | 2024-09-17 | N/A | 9.4 CRITICAL |
Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability. | |||||
CVE-2020-3936 | 1 Unisoon | 2 Ultralog Express, Ultralog Express Firmware | 2024-09-16 | 7.5 HIGH | 9.8 CRITICAL |
UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command. | |||||
CVE-2022-36961 | 1 Solarwinds | 1 Orion Platform | 2024-09-16 | N/A | 8.8 HIGH |
A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. | |||||
CVE-2022-2315 | 1 Databank | 1 Accreditation Tracking\/presentation Module | 2024-09-16 | N/A | 9.4 CRITICAL |
Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. | |||||
CVE-2021-35234 | 1 Solarwinds | 1 Orion Platform | 2024-09-16 | 6.5 MEDIUM | 8.8 HIGH |
Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information. | |||||
CVE-2024-7732 | 1 Secom | 1 Dr.id Attendance System | 2024-09-16 | N/A | 9.8 CRITICAL |
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents. | |||||
CVE-2024-6401 | 2024-09-16 | N/A | N/A | ||
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection.This issue affects InsureE GL: before 4.6.2. | |||||
CVE-2024-8568 | 1 Project Team | 1 Tmall Demo | 2024-09-16 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-30922 | 2024-09-15 | N/A | 9.8 CRITICAL | ||
SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering. | |||||
CVE-2024-8762 | 1 Code-projects | 1 Crud Operation System | 2024-09-14 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in code-projects Crud Operation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatedata.php. The manipulation of the argument sid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-8784 | 2024-09-14 | 6.5 MEDIUM | 6.3 MEDIUM | ||
A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0. Affected by this vulnerability is an unknown functionality of the file /user/chat/mynewuser of the component Chat. The manipulation of the argument users[] with the input 1'+AND+(SELECT+3220+FROM+(SELECT(SLEEP(5)))ZNun)+AND+'WwBM'%3d'WwBM as part of POST Request Parameter leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.1 is able to address this issue. It is recommended to upgrade the affected component. | |||||
CVE-2024-8669 | 2024-09-14 | N/A | 9.1 CRITICAL | ||
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuply_wp_clone_sql() function in all versions up to, and including, 1.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
CVE-2024-43132 | 1 Wpwebelite | 1 Docket | 2024-09-13 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) allows SQL Injection.This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0. |