Total
12892 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-10013 | 1 Strategy11 | 1 Awp Classifieds | 2024-09-25 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action. | |||||
CVE-2022-3254 | 1 Strategy11 | 1 Awp Classifieds | 2024-09-25 | N/A | 9.8 CRITICAL |
The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection | |||||
CVE-2023-43377 | 1 Digitaldruid | 1 Hoteldruid | 2024-09-25 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter. | |||||
CVE-2023-43375 | 1 Digitaldruid | 1 Hoteldruid | 2024-09-25 | N/A | 9.8 CRITICAL |
Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters. | |||||
CVE-2023-43374 | 1 Digitaldruid | 1 Hoteldruid | 2024-09-25 | N/A | 9.8 CRITICAL |
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. | |||||
CVE-2023-43373 | 1 Digitaldruid | 1 Hoteldruid | 2024-09-25 | N/A | 9.8 CRITICAL |
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php. | |||||
CVE-2023-43371 | 1 Digitaldruid | 1 Hoteldruid | 2024-09-25 | N/A | 9.8 CRITICAL |
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php. | |||||
CVE-2023-43274 | 1 Phpjabbers | 1 Php Shopping Cart | 2024-09-25 | N/A | 7.5 HIGH |
Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter. | |||||
CVE-2023-39640 | 1 Uplight | 1 Cookie Law | 2024-09-25 | N/A | 9.8 CRITICAL |
UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList(). | |||||
CVE-2023-37069 | 1 Online Hospital Management System Project | 1 Online Hospital Management System | 2024-09-25 | N/A | 9.8 CRITICAL |
Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login process, enabling an attacker to inject malicious SQL code. | |||||
CVE-2023-37068 | 1 Sherlock | 1 Gym Management System | 2024-09-25 | N/A | 9.8 CRITICAL |
Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks. | |||||
CVE-2024-44004 | 1 Wptaskforce | 1 Track & Trace | 2024-09-24 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection. This issue affects WPCargo Track & Trace: from n/a through 7.0.6. | |||||
CVE-2024-8146 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2024-09-24 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-43978 | 1 Superstorefinder | 1 Super Store Finder | 2024-09-24 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a before 6.9.8. | |||||
CVE-2024-43976 | 1 Superstorefinder | 1 Super Store Finder | 2024-09-24 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a through 6.9.7. | |||||
CVE-2022-25775 | 1 Acquia | 1 Mautic | 2024-09-23 | N/A | 7.2 HIGH |
Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems. | |||||
CVE-2024-29174 | 1 Dell | 1 Data Domain Operating System | 2024-09-23 | N/A | 4.4 MEDIUM |
Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data. | |||||
CVE-2024-5225 | 1 Litellm | 1 Litellm | 2024-09-23 | N/A | 7.2 HIGH |
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidated `api_key` parameter directly into the query, making it susceptible to SQL Injection if the `api_key` contains malicious data. This issue affects the latest version of the repository. Successful exploitation of this vulnerability could lead to unauthorized access, data manipulation, exposure of confidential information, and denial of service (DoS). | |||||
CVE-2024-8944 | 1 Fabianros | 1 Hospital Management System | 2024-09-23 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0. This affects an unknown part of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-5057 | 1 Sandhillsdev | 1 Easy Digital Downloads | 2024-09-20 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection. This issue affects Easy Digital Downloads: from n/a through 3.2.12. |