Total
12997 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-48226 | 1 Funadmin | 1 Funadmin | 2024-10-31 | 9.8 Critical |
Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield. | ||||
CVE-2023-24204 | 2024-10-31 | 5.4 Medium | ||
SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php. | ||||
CVE-2024-50479 | 1 Mansurahamed | 1 Woocommerce Quote Calculator | 2024-10-31 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mansur Ahamed Woocommerce Quote Calculator allows Blind SQL Injection.This issue affects Woocommerce Quote Calculator: from n/a through 1.1. | ||||
CVE-2024-10449 | 1 Codezips | 1 Hospital Appointment System | 2024-10-31 | 7.3 High |
A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. This affects an unknown part of the file /loginAction.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-50465 | 1 Squirrly | 1 Premium Seo Pack | 2024-10-31 | 8.5 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP SEO – Calin Vingan Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: from n/a through 1.6.001. | ||||
CVE-2024-10447 | 1 Projectworlds | 1 Online Time Table Generator | 2024-10-31 | 6.3 Medium |
A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. The attack can be launched remotely. | ||||
CVE-2024-10440 | 2 Sun.net, Sunnet | 2 Ehdr Ctms, Ehrd Ctms | 2024-10-31 | 9.8 Critical |
The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify, and delete database contents. | ||||
CVE-2024-48427 | 2 Oretnom23, Sourcecodester | 2 Packers And Movers Management System, Packers And Movers Management System | 2024-10-31 | 8.1 High |
A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in /mpms/admin/?page=services/manage_service&id | ||||
CVE-2024-47483 | 1 Dell | 1 Data Lakehouse | 2024-10-31 | 2.9 Low |
Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | ||||
CVE-2024-10378 | 1 Esafenet | 1 Cdg | 2024-10-30 | 6.3 Medium |
A vulnerability classified as critical has been found in ESAFENET CDG 5. Affected is the function actionViewCDGRenewFile of the file /com/esafenet/servlet/client/CDGRenewApplicationService.java. The manipulation of the argument CDGRenewFileId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2019-25218 | 1 I13websolution | 1 Photo Gallery Slideshow \& Masonry Tiled Gallery | 2024-10-30 | 4.9 Medium |
The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
CVE-2024-10129 | 2 Hfo4, Shudong-share Project | 2 Shudong-share, Shudong-share | 2024-10-30 | 6.3 Medium |
A vulnerability classified as critical has been found in HFO4 shudong-share up to 2.4.7. This affects an unknown part of the file /includes/create_share.php of the component Share Handler. The manipulation of the argument fkey leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-36082 | 1 Codepeople | 1 Music Store | 2024-10-30 | 6.5 Medium |
SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker. | ||||
CVE-2024-10430 | 1 Codezips | 1 Pet Shop Management System | 2024-10-30 | 7.3 High |
A vulnerability, which was classified as critical, has been found in Codezips Pet Shop Management System 1.0. This issue affects some unknown processing of the file /animalsupdate.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-10432 | 1 Projectworlds | 2 Simple Web-based Chat Application, Simple Web Based Chat Application | 2024-10-30 | 7.3 High |
A vulnerability has been found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-48465 | 1 Mrbs | 1 Mrbs | 2024-10-30 | 9.8 Critical |
The MRBS version 1.5.0 has an SQL injection vulnerability in the edit_entry_handler.php file, specifically in the rooms%5B%5D parameter | ||||
CVE-2023-37472 | 1 Eng | 1 Knowage | 2024-10-30 | 7.7 High |
Knowage is an open source suite for business analytics. The application often use user supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries that will break subsequent SQL queries generated by the Hibernate engine. The endpoint `_/knowage/restful-services/2.0/documents/listDocument_` calls the `_countBIObjects_` method of the `_BIObjectDAOHibImpl_` object with the user supplied `_label_` parameter without prior sanitization. This can lead to SQL injection in the backing database. Other injections have been identified in the application as well. An authenticated attacker with low privileges could leverage this vulnerability in order to retrieve sensitive information from the database, such as account credentials or business information. This issue has been addressed in version 8.1.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2024-10427 | 1 Codezips | 1 Pet Shop Management System | 2024-10-30 | 6.3 Medium |
A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /deleteanimal.php. The manipulation of the argument t1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter "refno" to be affected. But further inspection indicates that the name of the affected parameter is "t1". | ||||
CVE-2024-10426 | 1 Codezips | 1 Pet Shop Management System | 2024-10-30 | 6.3 Medium |
A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /animalsadd.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter "refno" to be affected. But further inspection indicates that the name of the affected parameter is "id". | ||||
CVE-2024-10431 | 1 Codezips | 1 Pet Shop Management System | 2024-10-30 | 7.3 High |
A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Affected is an unknown function of the file /deletebird.php. The manipulation of the argument t1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |