Total
12892 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40921 | 1 Common-services | 1 Soliberte | 2024-10-08 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters. | |||||
| CVE-2024-9460 | 1 Codezips | 1 Online Shopping Portal | 2024-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Codezips Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-35012 | 1 Pixelite | 1 Events Manager | 2024-10-08 | 6.5 MEDIUM | 7.2 HIGH |
| The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection | |||||
| CVE-2024-9429 | 1 Code-projects | 1 Restaurant Reservation System | 2024-10-07 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter2.php. The manipulation of the argument from/to leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "from" to be affected. But it must be assumed that parameter "to" is affected as well. | |||||
| CVE-2024-47911 | 2024-10-07 | N/A | 6.7 MEDIUM | ||
| In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands. | |||||
| CVE-2024-46078 | 2024-10-07 | N/A | 7.5 HIGH | ||
| itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id. | |||||
| CVE-2024-41512 | 2024-10-07 | N/A | 8.8 HIGH | ||
| A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter. | |||||
| CVE-2023-31940 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2024-10-07 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the page_id parameter at article_edit.php. | |||||
| CVE-2023-31939 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2024-10-07 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomer_id parameter at customer_edit.php. | |||||
| CVE-2023-31938 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2024-10-07 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_detail.php. | |||||
| CVE-2024-9018 | 1 Plugingarden | 1 Wp Easy Gallery | 2024-10-07 | N/A | 8.8 HIGH |
| The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-45999 | 1 Magicbug | 1 Cloudlog | 2024-10-07 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability was discovered in Cloudlog 2.6.15, specifically within the get_station_info()function located in the file /application/models/Oqrs_model.php. The vulnerability is exploitable via the station_id parameter. | |||||
| CVE-2024-47338 | 2024-10-07 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExpertsio WPExperts Square For GiveWP allows SQL Injection.This issue affects WPExperts Square For GiveWP: from n/a through 1.3. | |||||
| CVE-2024-45249 | 2024-10-07 | N/A | 9.8 CRITICAL | ||
| Cavok – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | |||||
| CVE-2024-9536 | 2024-10-07 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /MultiServerBackService?path=1. The manipulation of the argument fileId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-47350 | 2024-10-07 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Ajax Search allows SQL Injection.This issue affects YITH WooCommerce Ajax Search: from n/a through 2.8.0. | |||||
| CVE-2024-47335 | 2024-10-07 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Form Bit Form – Contact Form Plugin allows SQL Injection.This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.11. | |||||
| CVE-2024-6928 | 1 Opti.marketing | 1 Opti Marketing | 2024-10-07 | N/A | 9.8 CRITICAL |
| The Opti Marketing WordPress plugin through 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | |||||
| CVE-2024-8379 | 1 Stylemixthemes | 1 Cost Calculator Builder | 2024-10-07 | N/A | 7.2 HIGH |
| The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. | |||||
| CVE-2024-9293 | 1 Skyselang | 1 Yyladmin | 2024-10-07 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical was found in skyselang yylAdmin up to 3.0. Affected by this vulnerability is the function list of the file /app/admin/controller/file/File.php of the component Backend. The manipulation of the argument is_disable leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||