Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45030 | 1 Rconfig | 1 Rconfig | 2025-02-06 | N/A | 8.8 HIGH |
| A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv). | |||||
| CVE-2023-27844 | 1 Litextension | 1 Leurlrewrite | 2025-02-06 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and before allow a remote attacker to gain privileges via the Dispatcher::getController component. | |||||
| CVE-2023-27733 | 1 Dedecms | 1 Dedecms | 2025-02-06 | N/A | 7.2 HIGH |
| DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php. | |||||
| CVE-2023-2094 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2025-02-06 | N/A | 6.3 MEDIUM |
| A vulnerability has been found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/mechanics/manage_mechanic.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226102 is the identifier assigned to this vulnerability. | |||||
| CVE-2017-18362 | 1 Connectwise | 1 Manageditsync | 2025-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication. | |||||
| CVE-2024-11713 | 1 Wpjobportal | 1 Wp Job Portal | 2025-02-06 | N/A | 4.9 MEDIUM |
| The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'page_id' parameter of the wpjobportal_deactivate() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-11714 | 1 Wpjobportal | 1 Wp Job Portal | 2025-02-06 | N/A | 4.9 MEDIUM |
| The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'ff' parameter of the getFieldsForVisibleCombobox() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-13680 | 1 Codepeople | 1 Form Builder Cp | 2025-02-05 | N/A | 6.5 MEDIUM |
| The Form Builder CP plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'CP_EASY_FORM_WILL_APPEAR_HERE' shortcode in all versions up to, and including, 1.2.41 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2023-30076 | 1 Judging Management System Project | 1 Judging Management System | 2025-02-05 | N/A | 9.8 CRITICAL |
| Sourcecodester Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/print_judges.php?print_judges.php=&se_name=&sub_event_id=. | |||||
| CVE-2024-28094 | 1 Schoolbox | 1 Schoolbox | 2025-02-05 | N/A | 8.8 HIGH |
| Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records. | |||||
| CVE-2024-13594 | 1 Neofix | 1 Simple Downloads List | 2025-02-05 | N/A | 6.5 MEDIUM |
| The Simple Downloads List plugin for WordPress is vulnerable to SQL Injection via the 'category' attribute of the 'neofix_sdl' shortcode in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-12195 | 1 Wedevs | 1 Wp Project Manager | 2025-02-05 | N/A | 6.5 MEDIUM |
| The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'project_id' parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoint in all versions up to, and including, 2.6.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, who have been granted access to a project, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2023-26865 | 1 Brandsdistribution | 1 Bdroppy | 2025-02-05 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and before allowing a remote attacker to gain privileges via the BdroppyCronModuleFrontController::importProducts component. | |||||
| CVE-2023-23753 | 1 Vi-solutions | 1 Visforms | 2025-02-05 | N/A | 9.8 CRITICAL |
| The 'Visforms Base Package for Joomla 3' extension is vulnerable to SQL Injection as concatenation is used to construct an SQL Query. An attacker can interact with the database and could be able to read, modify and delete data on it. | |||||
| CVE-2024-2344 | 1 Theme-fusion | 1 Avada | 2025-02-05 | N/A | N/A |
| The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticted attackers, with editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-1893 | 1 Realestateconnected | 1 Easy Property Listings | 2025-02-05 | N/A | N/A |
| The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the ‘property_status’ shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-11711 | 1 Wpjobportal | 1 Wp Job Portal | 2025-02-05 | N/A | 7.5 HIGH |
| The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and including, 2.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-11710 | 1 Wpjobportal | 1 Wp Job Portal | 2025-02-05 | N/A | 4.9 MEDIUM |
| The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'fieldfor', 'visibleParent' and 'id' parameters in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-11729 | 1 Iqonic | 1 Kivicare | 2025-02-05 | N/A | 6.5 MEDIUM |
| The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'service_list[0][service_id]' parameter of the get_widget_payment_options AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-11730 | 1 Iqonic | 1 Kivicare | 2025-02-05 | N/A | 6.5 MEDIUM |
| The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'sort[]' parameter of the static_data_list AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with doctor/receptionist-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||