Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9972 | 2024-10-15 | N/A | 9.8 CRITICAL | ||
| Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | |||||
| CVE-2024-48020 | 2024-10-15 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Revmakx Backup and Staging by WP Time Capsule allows SQL Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.21. | |||||
| CVE-2024-9982 | 2024-10-15 | N/A | 9.8 CRITICAL | ||
| AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content. | |||||
| CVE-2024-5329 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor | 2024-10-14 | N/A | 8.8 HIGH |
| The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to blind SQL Injection via the ‘data[addonID]’ parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2023-49030 | 1 32ns | 1 Klive | 2024-10-11 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component. | |||||
| CVE-2024-4890 | 1 Litellm | 1 Litellm | 2024-10-10 | N/A | 4.9 MEDIUM |
| A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'user_id' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability by injecting malicious SQL commands through the 'user_id' parameter, leading to potential unauthorized access to sensitive information such as API keys, user information, and tokens stored in the database. The affected version is 1.27.14. | |||||
| CVE-2024-9379 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2024-10-10 | N/A | 7.2 HIGH |
| SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. | |||||
| CVE-2024-43918 | 1 Woobewoo | 1 Product Table | 2024-10-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.This issue affects WBW Product Table PRO: from n/a through 1.9.4. | |||||
| CVE-2024-9286 | 2024-10-10 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), Improper Input Validation vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection.This issue affects Distant Education Platform: before 3.2024.11. | |||||
| CVE-2024-47334 | 2024-10-10 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Flow Zoho Flow for WordPress allows SQL Injection.This issue affects Zoho Flow for WordPress: from n/a through 2.7.1. | |||||
| CVE-2024-38348 | 1 Health Care Hospital Management System Project | 1 Health Care Hospital Management System | 2024-10-10 | N/A | 8.8 HIGH |
| CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter. | |||||
| CVE-2023-39292 | 1 Mitel | 3 Mivoice Office 400, Mivoice Office 400 Smb Controller, Mivoice Office 400 Smb Controller Firmware | 2024-10-09 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations. | |||||
| CVE-2024-5984 | 1 Itsourcecode | 1 Online Book Store Project | 2024-10-09 | N/A | 9.8 CRITICAL |
| A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file book.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268460. | |||||
| CVE-2024-9574 | 1 Soplanning | 1 Soplanning | 2024-10-08 | N/A | 6.5 MEDIUM |
| SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB. | |||||
| CVE-2024-9573 | 1 Soplanning | 1 Soplanning | 2024-10-08 | N/A | 6.5 MEDIUM |
| SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server. | |||||
| CVE-2021-1636 | 1 Microsoft | 1 Sql Server | 2024-10-08 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SQL Elevation of Privilege Vulnerability | |||||
| CVE-2024-43699 | 1 Deltaww | 1 Diaenergie | 2024-10-08 | N/A | 9.8 CRITICAL |
| Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product. | |||||
| CVE-2024-42417 | 1 Deltaww | 1 Diaenergie | 2024-10-08 | N/A | 8.8 HIGH |
| Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product. | |||||
| CVE-2023-40921 | 1 Common-services | 1 Soliberte | 2024-10-08 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters. | |||||
| CVE-2024-9460 | 1 Codezips | 1 Online Shopping Portal | 2024-10-08 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Codezips Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||