Total: 12885 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-48657 | 1 Princelycesar | 1 Hospital Management System | 2024-10-24 | N/A | 7.2 HIGH |
SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. | |||||
CVE-2024-10195 | 1 Tecno-mobile | 2 4g Portable Wifi Tr118, 4g Portable Wifi Tr118 Firmware | 2024-10-24 | 5.8 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-49623 | 1 Hasanmovahed | 1 Duplicate Title Validate | 2024-10-24 | N/A | 8.8 HIGH |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hasan Movahed Duplicate Title Validate allows Blind SQL Injection. This issue affects Duplicate Title Validate: from n/a through 1.0. | |||||
CVE-2024-8625 | 1 Total-soft | 1 Ts Poll | 2024-10-24 | N/A | 7.2 HIGH |
The TS Poll WordPress plugin before 2.4.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. | |||||
CVE-2024-47328 | 1 Funnelkit | 1 Funnelkit Automations | 2024-10-24 | N/A | 7.2 HIGH |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Automation By Autonami allows SQL Injection. This issue affects Automation By Autonami: from n/a through 3.1.2. | |||||
CVE-2024-9921 | 1 Teamplus | 1 Team\+ Pro | 2024-10-24 | N/A | 9.8 CRITICAL |
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents. | |||||
CVE-2024-42005 | 1 Djangoproject | 1 Django | 2024-10-23 | N/A | 7.3 HIGH |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. | |||||
CVE-2024-25210 | 1 Rems | 1 Simple Expense Tracker App | 2024-10-23 | N/A | 9.8 CRITICAL |
Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php. | |||||
CVE-2024-25211 | 1 Rems | 1 Simple Expense Tracker App | 2024-10-23 | N/A | 9.8 CRITICAL |
Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php. | |||||
CVE-2024-25209 | 1 Rems | 1 Barangay Population Monitoring System | 2024-10-23 | N/A | 9.8 CRITICAL |
Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php. | |||||
CVE-2024-25217 | 1 Oretnom23 | 1 Online Medicine Ordering System | 2024-10-23 | N/A | 9.8 CRITICAL |
Online Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /omos/?p=products/view_product. | |||||
CVE-2024-25223 | 1 Code-projects | 1 Simple Admin Panel | 2024-10-23 | N/A | 9.8 CRITICAL |
Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php. | |||||
CVE-2024-47223 | | | 2024-10-23 | N/A | 9.4 CRITICAL |
A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access non-sensitive user provisioning information and execute arbitrary SQL database commands. | |||||
CVE-2024-48597 | | | 2024-10-23 | N/A | 8.1 HIGH |
Online Clinic Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /success/editp.php?action=edit. | |||||
CVE-2024-39753 | | | 2024-10-23 | N/A | 7.5 HIGH |
A modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2024-35286 | | | 2024-10-23 | N/A | 9.8 CRITICAL |
A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations. | |||||
CVE-2024-10169 | 1 Fabianros | 1 Hospital Management System | 2024-10-23 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability classified as critical was found in code-projects Hospital Management System 1.0. This vulnerability affects unknown code of the file change-password.php. The manipulation of the argument cpass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-10196 | 1 Code-projects | 1 Pharmacy Management System | 2024-10-23 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /add_new_invoice.php. The manipulation of the argument text leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-49620 | 1 Naudinvladimir | 1 Ferma.ru.net | 2024-10-22 | N/A | 8.8 HIGH |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Naudin Vladimir FERMA.Ru.Net allows Blind SQL Injection. This issue affects FERMA.Ru.Net: from n/a through 1.3.3. | |||||
CVE-2024-49619 | 1 Acespritech | 1 Social Link Groups | 2024-10-22 | N/A | 8.8 HIGH |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Acespritech Solutions Pvt. Ltd. Social Link Groups allows Blind SQL Injection. This issue affects Social Link Groups: from n/a through 1.1.0. |