Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4949 | 1 Esri | 1 Arcgis Server | 2024-07-11 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service. | |||||
CVE-2024-5606 | 1 Expresstech | 1 Quiz And Survey Master | 2024-07-08 | N/A | 8.8 HIGH |
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by users with the Contributor role and above. | |||||
CVE-2023-45830 | 1 Adaplugin | 1 Accessibility Suite By Online Ada | 2024-07-08 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility Suite by Online ADA: from n/a through 4.12. | |||||
CVE-2024-3704 | | | 2024-07-05 | N/A | N/A |
SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database. | |||||
CVE-2024-6172 | 1 Icegram | 1 Email Subscribers & Newsletters | 2024-07-03 | N/A | 9.8 CRITICAL |
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
CVE-2024-6452 | | | 2024-07-03 | N/A | N/A |
A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file AdminGoodscontroller.java. The manipulation of the argument goodsId/goodsSn/name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270235. | |||||
CVE-2024-4145 | 1 Wp-media | 1 Search & Replace | 2024-07-03 | N/A | 7.2 HIGH |
The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site network). | |||||
CVE-2024-36837 | 1 Crmeb | 1 Crmeb | 2024-07-03 | N/A | 7.5 HIGH |
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file. | |||||
CVE-2024-0253 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-07-03 | N/A | 8.8 HIGH |
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. | |||||
CVE-2024-1100 | | | 2024-07-03 | N/A | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection. This issue affects DIGIKENT GIS: through 2.23.5. | |||||
CVE-2024-0269 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-07-03 | N/A | 8.8 HIGH |
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271. | |||||
CVE-2023-28329 | 1 Moodle | 1 Moodle | 2024-07-03 | N/A | 8.8 HIGH |
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers). | |||||
CVE-2022-46966 | 1 Revenue Collection System Project | 1 Revenue Collection System | 2024-07-03 | N/A | 9.8 CRITICAL |
Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php. | |||||
CVE-2022-43279 | 1 Limesurvey | 1 Limesurvey | 2024-07-03 | N/A | 7.2 HIGH |
LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. | |||||
CVE-2024-6440 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-07-02 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270168. | |||||
CVE-2024-6438 | 1 Hitout | 1 Carsale | 2024-07-02 | N/A | 6.5 MEDIUM |
A vulnerability has been found in Hitout Carsale 1.0 and classified as critical. This vulnerability affects unknown code of the file OrderController.java. The manipulation of the argument orderBy leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-270166 is the identifier assigned to this vulnerability. | |||||
CVE-2024-4228 | | | 2024-06-27 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-200 Exposure of Sensitive Information to an Unauthorized Actor, CWE-522 Insufficiently Protected Credentials vulnerability in Magarsus Consultancy SSO (Single Sign On) allows SQL Injection. This issue affects SSO (Single Sign On): from 1.0 before 1.1. | |||||
CVE-2024-37252 | | | 2024-06-26 | N/A | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Icegram Email Subscribers & Newsletters allows SQL Injection. This issue affects Email Subscribers & Newsletters: from n/a through 5.7.25. | |||||
CVE-2024-21514 | 1 Opencart | 1 Opencart | 2024-06-24 | N/A | 8.1 HIGH |
This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have to be enabled), it is possible to exploit SQL injection to gain unauthorised access to the backend database. For any site which is vulnerable, any unauthenticated user could exploit this to dump the entire OpenCart database, including customer PII data. | |||||
CVE-2024-6241 | 1 Pearadmin | 1 Pear Admin Boot | 2024-06-24 | N/A | 9.8 CRITICAL |
A vulnerability was found in Pear Admin Boot up to 2.0.2 and classified as critical. This issue affects the function getDictItems of the file /system/dictData/getDictItems/. The manipulation with the input ,user(),1,1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269375. |