Search Results (37096 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-39324 1 Aimeos 1 Ai-admin-graphql 2024-11-21 3.8 Low
aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows a editors to manage own services via GraphQL API which isn't allowed in the JQAdm front end. Versions 2022.10.10, 2023.10.6, and 2024.4.2 contain a patch for the issue.
CVE-2024-39322 1 Aimeos Project 1 Ai-controller-frontend 2024-11-21 5.5 Medium
aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2 contain a fix for the issue.
CVE-2024-39304 1 Churchcrm 1 Churchcrm 2024-11-21 8.8 High
ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to an improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQL statements directly into the database query due to inadequate sanitization of the EID parameter in in a GET request to `/GetText.php`. Version 5.9.2 patches the issue.
CVE-2024-38872 1 Zohocorp 1 Manageengine Exchange Reporter Plus 2024-11-21 8.3 High
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module.
CVE-2024-38871 1 Zohocorp 1 Manageengine Exchange Reporter Plus 2024-11-21 8.3 High
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.
CVE-2024-38773 1 Formlift 1 Formlift For Infusionsoft Web Forms 2024-11-21 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection.This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17.
CVE-2024-38755 1 Designinvento 1 Directorypress 2024-11-21 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Designinvento DirectoryPress allows SQL Injection.This issue affects DirectoryPress: from n/a through 3.6.10.
CVE-2024-38692 1 Spiffyplugins 1 Spiffy Calendar 2024-11-21 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.11.
CVE-2024-38506 1 Jetbrains 1 Youtrack 2024-11-21 6.3 Medium
In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows
CVE-2024-38504 1 Jetbrains 1 Youtrack 2024-11-21 4.3 Medium
In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles
CVE-2024-38369 1 Xwiki 1 Xwiki 2024-11-21 10 Critical
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using `{{include reference="targetdocument"/}}` is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the `include` macro. This vulnerability has been patched in XWiki 15.0 RC1 by making the default behavior safe.
CVE-2024-38348 2 Code-projects, Health Care Hospital Management System Project 2 Health Care Hospital Management System, Health Care Hospital Management System 2024-11-21 6.5 Medium
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter.
CVE-2024-38347 2 Codeprojects, Health Care Hospital Management System Project 2 Health Care Hospital Management System, Health Care Hospital Management System 2024-11-21 8.8 High
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id parameter.
CVE-2024-38329 1 Ibm 1 Storage Protect For Virtual Environments 2024-11-21 7.7 High
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this vulnerability to change its settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994.
CVE-2024-38289 2 R-hub, Rhubcom 2 Turbomeeting, Turbomeeting 2024-11-21 9.8 Critical
A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input.
CVE-2024-37873 2 Itsourcecode, Payroll Management System Project 2 Payroll Management System Project In Php With Source Code, Payroll Management System 2024-11-21 9.1 Critical
SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2024-37849 1 Itsourcecode 1 Billing System 2024-11-21 9.8 Critical
A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter.
CVE-2024-37843 1 Craftcms 1 Craft Cms 2024-11-21 7.5 High
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.
CVE-2024-37831 1 Itsourcecode 1 Payroll Management System 2024-11-21 9.1 Critical
Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter.
CVE-2024-37802 2 Codeprojects, Health Care Hospital Management System Project 2 Health Care Hospital Management System, Health Care Hospital Management System 2024-11-21 9.4 Critical
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter.