Total
12999 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49681 | 1 Swit | 1 Wp Sessions Time Monitoring Full Automatic | 2024-10-25 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SWIT WP Sessions Time Monitoring Full Automatic allows SQL Injection.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through 1.0.9. | ||||
| CVE-2024-5608 | 1 Manageengine | 1 Adaudit Plus | 2024-10-25 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature. | ||||
| CVE-2024-46257 | 1 Nginxproxymanager | 1 Nginx Proxy Manager | 2024-10-24 | 6.3 Medium |
| A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5. | ||||
| CVE-2023-26217 | 1 Tibco | 1 Ebx Add-ons | 2024-10-24 | 8.8 High |
| The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.17 and below, versions 5.6.2 and below, version 6.1.0. | ||||
| CVE-2023-37165 | 1 Millhouse-project Project | 1 Millhouse-project | 2024-10-24 | 9.8 Critical |
| Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via the component /add_post_sql.php. | ||||
| CVE-2024-49612 | 1 Infotuts | 1 Sw Contact Form | 2024-10-24 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infotuts SW Contact Form allows Blind SQL Injection.This issue affects SW Contact Form: from n/a through 1.0. | ||||
| CVE-2024-0466 | 1 Code-projects | 1 Employee Profile Management System | 2024-10-24 | 5.5 Medium |
| A vulnerability, which was classified as critical, has been found in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file file_table.php. The manipulation of the argument per_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250571. | ||||
| CVE-2024-49609 | 1 Brandonwhite | 1 Author Discussion | 2024-10-24 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brandon White Author Discussion allows Blind SQL Injection.This issue affects Author Discussion: from n/a through 0.2.2. | ||||
| CVE-2024-0502 | 1 Oretnom23 | 1 House Rental Management System | 2024-10-24 | 4.7 Medium |
| A vulnerability was found in SourceCodester House Rental Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file manage_user.php of the component Edit User. The manipulation of the argument id/name/username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250610 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-0528 | 1 Cxbsoft | 1 Post-office | 2024-10-24 | 5.5 Medium |
| A vulnerability, which was classified as critical, was found in CXBSoft Post-Office 1.0. Affected is an unknown function of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250698 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6441 | 1 Unipa | 1 University Information System | 2024-10-24 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UNI-PA University Marketing & Computer Internet Trade Inc. University Information System allows SQL Injection.This issue affects University Information System: before 12.12.2023. | ||||
| CVE-2024-47325 | 1 Themeisle | 1 Multiple Page Generator | 2024-10-24 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7. | ||||
| CVE-2024-48657 | 2 Itsourcecode, Princelycesar | 2 Hospital Management System, Hospital Management System | 2024-10-24 | 8.1 High |
| SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. | ||||
| CVE-2024-10195 | 1 Tecno-mobile | 2 4g Portable Wifi Tr118, 4g Portable Wifi Tr118 Firmware | 2024-10-24 | 4.7 Medium |
| A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-49623 | 1 Hasanmovahed | 1 Duplicate Title Validate | 2024-10-24 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hasan Movahed Duplicate Title Validate allows Blind SQL Injection.This issue affects Duplicate Title Validate: from n/a through 1.0. | ||||
| CVE-2024-8625 | 2 Pollbytotalsoft, Total-soft | 2 Ts Poll, Ts Poll | 2024-10-24 | 7.2 High |
| The TS Poll WordPress plugin before 2.4.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | ||||
| CVE-2024-47328 | 1 Funnelkit | 1 Funnelkit Automations | 2024-10-24 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Automation By Autonami allows SQL Injection.This issue affects Automation By Autonami: from n/a through 3.1.2. | ||||
| CVE-2024-9921 | 1 Teamplus | 2 Team\+, Team\+ Pro | 2024-10-24 | 9.8 Critical |
| The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents. | ||||
| CVE-2023-37361 | 1 Vanderbilt | 1 Redcap | 2024-10-23 | 2.7 Low |
| REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization. | ||||
| CVE-2023-3046 | 1 Biltay | 1 Scienta | 2024-10-23 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection.This issue affects Scienta: before 20230630.1953. | ||||