Total
12897 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7349 | 1 Lifterlms | 1 Lifterlms | 2024-09-12 | N/A | 7.2 HIGH |
| The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to blind SQL Injection via the 'order' parameter in all versions up to, and including, 7.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-44541 | 2024-09-12 | N/A | 9.8 CRITICAL | ||
| evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin." | |||||
| CVE-2024-8705 | 2024-09-12 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System 5.6.2 and classified as critical. Affected by this issue is the function GetDataKindByType of the file /DataSrvs/UCCGSrv.asmx. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-46347 | 1 Ndkdesign | 1 Ndk Steppingpack | 2024-09-11 | N/A | 9.8 CRITICAL |
| In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
| CVE-2024-7505 | 1 Rainniar | 1 Bike Delivery System | 2024-09-11 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in itsourcecode Bike Delivery System 1.0. Affected is an unknown function of the file contact_us_action.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273648. | |||||
| CVE-2024-8147 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2024-09-11 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php?action=editPharmacist. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8503 | 2024-09-11 | N/A | 9.8 CRITICAL | ||
| An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database. | |||||
| CVE-2024-6924 | 1 Themetechmount | 1 Truebooker | 2024-09-11 | N/A | 9.8 CRITICAL |
| The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | |||||
| CVE-2024-8570 | 1 Angeljudesuarez | 1 Tailoring Management System | 2024-09-11 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /inccatadd.php. The manipulation of the argument title leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-38871 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-09-11 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module. | |||||
| CVE-2024-38872 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-09-11 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module. | |||||
| CVE-2024-7477 | 1 Avaya | 1 Aura System Manager | 2024-09-11 | N/A | 6.7 MEDIUM |
| A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support. | |||||
| CVE-2024-28298 | 1 E-bmsoft | 1 Bmplanning | 2024-09-11 | N/A | 8.8 HIGH |
| SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest. | |||||
| CVE-2024-7461 | 1 Forip | 1 Administracao Pabx | 2024-09-11 | 6.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in ForIP Tecnologia Administração PABX 1.x. It has been rated as critical. Affected by this issue is some unknown functionality of the file /authMonitCallcenter of the component monitcallcenter. The manipulation of the argument user leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273554 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7105 | 1 Forip | 1 Administracao Pabx | 2024-09-11 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical has been found in ForIP Tecnologia Administração PABX 1.x. Affected is an unknown function of the file /detalheIdUra of the component Lista Ura Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272430 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7201 | 1 Simopro Technology | 1 Winmatrix3 | 2024-09-10 | N/A | 9.8 CRITICAL |
| The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents. | |||||
| CVE-2024-7202 | 1 Simopro Technology | 1 Winmatrix3 | 2024-09-10 | N/A | 9.8 CRITICAL |
| The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents. | |||||
| CVE-2024-6898 | 1 Jkev | 1 Record Management System | 2024-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument UserName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271923. | |||||
| CVE-2024-39911 | 1 Fit2cloud | 1 1panel | 2024-09-10 | N/A | 9.8 CRITICAL |
| 1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-39907 | 1 Fit2cloud | 1 1panel | 2024-09-10 | N/A | 9.8 CRITICAL |
| 1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues. | |||||