Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2177 | 1 Kayrasoft | 1 Kayrasoft | 2024-09-17 | N/A | 9.4 CRITICAL |
| Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. | |||||
| CVE-2021-3958 | 1 Ipack | 1 Scada Automation | 2024-09-17 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Handling of Parameters vulnerability in Ipack Automation Systems Ipack SCADA Software allows : Blind SQL Injection.This issue affects Ipack SCADA Software: from unspecified before 1.1.0. | |||||
| CVE-2023-47990 | 1 Cuppacms | 1 Cuppacms | 2024-09-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter. | |||||
| CVE-2022-2807 | 1 Algan | 1 Prens Student Information System | 2024-09-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection.This issue affects Prens Student Information System: before 2.1.11. | |||||
| CVE-2022-0495 | 1 Parantezteknoloji | 1 Koha Library Automation | 2024-09-17 | N/A | 9.4 CRITICAL |
| The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01. | |||||
| CVE-2024-6670 | 1 Progress | 1 Whatsup Gold | 2024-09-17 | N/A | 9.8 CRITICAL |
| In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. | |||||
| CVE-2022-1277 | 1 Inavitas | 1 Solar Log | 2024-09-17 | N/A | 9.4 CRITICAL |
| Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability. | |||||
| CVE-2020-3936 | 1 Unisoon | 2 Ultralog Express, Ultralog Express Firmware | 2024-09-16 | 7.5 HIGH | 9.8 CRITICAL |
| UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command. | |||||
| CVE-2022-36961 | 1 Solarwinds | 1 Orion Platform | 2024-09-16 | N/A | 8.8 HIGH |
| A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. | |||||
| CVE-2022-2315 | 1 Databank | 1 Accreditation Tracking\/presentation Module | 2024-09-16 | N/A | 9.4 CRITICAL |
| Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. | |||||
| CVE-2021-35234 | 1 Solarwinds | 1 Orion Platform | 2024-09-16 | 6.5 MEDIUM | 8.8 HIGH |
| Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information. | |||||
| CVE-2024-8568 | 1 Project Team | 1 Tmall Demo | 2024-09-16 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8762 | 1 Code-projects | 1 Crud Operation System | 2024-09-14 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Crud Operation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatedata.php. The manipulation of the argument sid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-43132 | 1 Wpwebelite | 1 Docket | 2024-09-13 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) allows SQL Injection.This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0. | |||||
| CVE-2024-39658 | 1 Salonbookingsystem | 1 Salon Booking System | 2024-09-13 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking system allows SQL Injection.This issue affects Salon booking system: from n/a through 10.7. | |||||
| CVE-2024-39653 | 1 E4jconnect | 1 Vikrentcar | 2024-09-13 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E4J s.R.L. VikRentCar allows SQL Injection.This issue affects VikRentCar: from n/a through 1.4.0. | |||||
| CVE-2024-39638 | 1 Roundupwp | 1 Registrations For The Events Calendar | 2024-09-13 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roundup WP Registrations for the Events Calendar allows SQL Injection.This issue affects Registrations for the Events Calendar: from n/a through 2.12.2. | |||||
| CVE-2024-38793 | 1 Pricelisto | 1 Great Restaurant Menu Wp | 2024-09-13 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PriceListo Best Restaurant Menu by PriceListo allows SQL Injection.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.1. | |||||
| CVE-2024-38693 | 1 Wedevs | 1 Wp User Frontend | 2024-09-13 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7. | |||||
| CVE-2024-45059 | 1 Portabilis | 1 I-educar | 2024-09-13 | N/A | 8.8 HIGH |
| i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates the query by concatenating the unsanitized GET parameter `cod_func`, allowing the attacker to obtain sensitive information such as emails and password hashes. Commit 7824b95745fa2da6476b9901041d9c854bf52ffe fixes the issue. | |||||