Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38788 | 1 Uipress | 1 Uipress Lite | 2024-08-02 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in B?i Admin 2020 UiPress lite allows SQL Injection.This issue affects UiPress lite: from n/a through 3.4.06. | |||||
| CVE-2024-37831 | 1 Itsourcecode | 1 Payroll Management System | 2024-08-01 | N/A | 9.8 CRITICAL |
| Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter. | |||||
| CVE-2024-3604 | 1 Hyumika | 1 Openstreetmap | 2024-08-01 | N/A | 8.8 HIGH |
| The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'tagged_filter' attribute of the 'osm_map_v3' shortcode in all versions up to, and including, 6.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-6265 | 1 Ayecode | 1 Userswp | 2024-08-01 | N/A | 9.8 CRITICAL |
| The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwp_sort_by’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-6205 | 1 Payplus | 1 Payplus Payment Gateway | 2024-08-01 | N/A | 9.8 CRITICAL |
| The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability. | |||||
| CVE-2024-41551 | 1 Campcodes | 1 Supplier Management System | 2024-08-01 | N/A | 9.8 CRITICAL |
| CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= . | |||||
| CVE-2024-40541 | 1 Codermy | 1 My-springsecurity-plus | 2024-08-01 | N/A | 9.8 CRITICAL |
| my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build. | |||||
| CVE-2024-40539 | 1 Codermy | 1 My-springsecurity-plus | 2024-08-01 | N/A | 9.8 CRITICAL |
| my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user. | |||||
| CVE-2024-40542 | 1 Codermy | 1 My-springsecurity-plus | 2024-08-01 | N/A | 9.8 CRITICAL |
| my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset. | |||||
| CVE-2024-40540 | 1 Codermy | 1 My-springsecurity-plus | 2024-08-01 | N/A | 9.8 CRITICAL |
| my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept. | |||||
| CVE-2024-3816 | 1 Conceptintermedia | 1 S\@m Cms | 2024-08-01 | N/A | 9.8 CRITICAL |
| Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a blind SQL Injection executed using the search bar. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears. | |||||
| CVE-2024-38347 | 1 Health Care Hospital Management System Project | 1 Health Care Hospital Management System | 2024-08-01 | N/A | 8.8 HIGH |
| CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id parameter. | |||||
| CVE-2024-37843 | 1 Craftcms | 1 Craft Cms | 2024-08-01 | N/A | 9.8 CRITICAL |
| Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint. | |||||
| CVE-2024-6193 | 1 Itsourcecode | 1 Vehicle Management System Project In Php And Mysql With Source Code | 2024-08-01 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. This issue affects some unknown processing of the file driverprofile.php. The manipulation of the argument driverid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269165 was assigned to this vulnerability. | |||||
| CVE-2024-35349 | 1 Dino Physics School Assistant Project | 1 Dino Physics School Assistant | 2024-08-01 | N/A | 9.8 CRITICAL |
| A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /admin/category/view_category.php. Manipulating the argument id can result in SQL injection. | |||||
| CVE-2024-6194 | 1 Itsourcecode | 1 Tailoring Management System In Php With Source Code | 2024-08-01 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file editmeasurement.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-269166 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-6195 | 1 Itsourcecode | 1 Tailoring Management System In Php With Source Code | 2024-08-01 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file orderadd.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269167. | |||||
| CVE-2024-6196 | 1 Itsourcecode | 1 Banking Management System Project In Php | 2024-08-01 | N/A | 9.8 CRITICAL |
| A vulnerability was found in itsourcecode Banking Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269168. | |||||
| CVE-2024-24017 | 1 Xxyopen | 1 Novel-plus | 2024-08-01 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list | |||||
| CVE-2023-33584 | 1 Enrollment System Project | 1 Enrollment System | 2024-08-01 | N/A | 9.8 CRITICAL |
| Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code. | |||||