Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43144 | 1 Stylemixthemes | 1 Cost Calculator Builder | 2024-09-19 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15. | |||||
| CVE-2024-43917 | 1 Templateinvaders | 1 Ti Woocommerce Wishlist | 2024-09-19 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2. | |||||
| CVE-2023-40920 | 1 Prixan | 1 Prixanconnect | 2024-09-19 | N/A | 9.8 CRITICAL |
| Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts(). | |||||
| CVE-2024-39304 | 1 Churchcrm | 1 Churchcrm | 2024-09-19 | N/A | 8.8 HIGH |
| ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to an improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQL statements directly into the database query due to inadequate sanitization of the EID parameter in in a GET request to `/GetText.php`. Version 5.9.2 patches the issue. | |||||
| CVE-2023-43983 | 1 Presto-changeo | 1 Attribute Grid | 2024-09-19 | N/A | 9.8 CRITICAL |
| Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php. | |||||
| CVE-2024-8395 | 1 Flycass | 1 Flycass | 2024-09-19 | N/A | 9.8 CRITICAL |
| FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication. | |||||
| CVE-2024-6268 | 1 Lahirudanushka | 1 School Management System | 2024-09-19 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. Affected by this issue is some unknown functionality of the file login.php of the component Login Page. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269480. | |||||
| CVE-2024-6266 | 1 Pearadmin | 1 Pear Admin Boot | 2024-09-19 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Pear Admin Boot up to 2.0.2. Affected is an unknown function of the file /system/dictData/loadDictItem. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-269478 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-6204 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-09-19 | N/A | 8.1 HIGH |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module. | |||||
| CVE-2024-8335 | 1 Openrapid | 1 Rapidcms | 2024-09-19 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in OpenRapid RapidCMS up to 1.3.1. Affected is an unknown function of the file /resource/runlogon.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-5546 | 1 Zohocorp | 2 Manageengine Pam360, Manageengine Password Manager Pro | 2024-09-19 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option. | |||||
| CVE-2020-18662 | 1 Sir | 1 Gnuboard | 2024-09-19 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php. | |||||
| CVE-2024-8784 | 1 Qdocs | 1 Smart School | 2024-09-19 | N/A | 8.8 HIGH |
| A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0. Affected by this vulnerability is an unknown functionality of the file /user/chat/mynewuser of the component Chat. The manipulation of the argument users[] with the input 1'+AND+(SELECT+3220+FROM+(SELECT(SLEEP(5)))ZNun)+AND+'WwBM'%3d'WwBM as part of POST Request Parameter leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.1 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2024-44430 | 1 Mayurik | 1 Best Free Law Office Management | 2024-09-19 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface | |||||
| CVE-2024-34334 | 1 Ordat | 1 Ordat.erp | 2024-09-18 | N/A | 7.5 HIGH |
| ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function. | |||||
| CVE-2024-8749 | 1 I-doit | 1 I-doit | 2024-09-18 | N/A | 7.5 HIGH |
| SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php and retrieve all the information stored in the database. | |||||
| CVE-2024-27112 | 1 Soplanning | 1 Soplanning | 2024-09-18 | N/A | 9.8 CRITICAL |
| A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02. | |||||
| CVE-2024-8611 | 1 Angeljudesuarez | 1 Tailoring Management System | 2024-09-18 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file ssms.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-6919 | 1 Nac | 1 Nacpremium | 2024-09-17 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection.This issue affects NACPremium: through 01082024. | |||||
| CVE-2024-8868 | 1 Code-projects | 1 Crud Operation System | 2024-09-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Crud Operation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file savedata.php. The manipulation of the argument sname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||