Total
12999 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47849 | 2 Mediawiki, Wikimedia | 2 Cargo, Mediawiki-cargo | 2024-10-16 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | ||||
| CVE-2023-3522 | 1 A2technology | 1 License Portal System | 2024-10-16 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection.This issue affects License Portal System: before 1.48. | ||||
| CVE-2024-48253 | 1 Magicbug | 1 Cloudlog | 2024-10-16 | 7.3 High |
| Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection. | ||||
| CVE-2024-48255 | 1 Magicbug | 1 Cloudlog | 2024-10-16 | 7.3 High |
| Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection. | ||||
| CVE-2024-48257 | 1 Wavelog | 1 Wavelog | 2024-10-16 | 7.3 High |
| Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes station_id SQL injectioin. | ||||
| CVE-2023-3820 | 1 Pimcore | 1 Pimcore | 2024-10-16 | 7.2 High |
| SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4. | ||||
| CVE-2020-12104 | 1 Internet-formation | 1 Wp-advanced-search | 2024-10-16 | 8.8 High |
| The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation. | ||||
| CVE-2024-9976 | 1 Code-projects | 1 Pharmacy Management System | 2024-10-16 | 6.3 Medium |
| A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_customer.php?action=search. The manipulation of the argument text leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8630 | 1 Alisonic | 2 Sibylla, Sibylla Firmware | 2024-10-16 | 9.4 Critical |
| Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database. | ||||
| CVE-2023-22583 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2024-10-16 | 10 Critical |
| The Danfoss AK-EM100 web forms allow for SQL injection in the login forms. | ||||
| CVE-2023-3859 | 1 Phpscriptpoint | 1 Car Listing | 2024-10-15 | 6.3 Medium |
| A vulnerability was found in phpscriptpoint Car Listing 1.6 and classified as critical. This issue affects some unknown processing of the file /search.php of the component GET Parameter Handler. The manipulation of the argument brand_id/model_id/car_condition/car_category_id/body_type_id/fuel_type_id/transmission_type_id/year/mileage_start/mileage_end/country/state/city leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235211. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-48259 | 1 Magicbug | 1 Cloudlog | 2024-10-15 | 7.3 High |
| Cloudlog 2.6.15 allows Oqrs.php request_form SQL injection via station_id or callsign. | ||||
| CVE-2023-36189 | 1 Langchain | 1 Langchain | 2024-10-15 | 7.5 High |
| SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component. | ||||
| CVE-2023-31038 | 1 Apache | 1 Log4cxx | 2024-10-15 | 8.8 High |
| SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection. This has been the case since at least version 0.9.0(released 2003-08-06) Note that Log4cxx is a C++ framework, so only C++ applications are affected. Before version 1.1.0, the ODBC appender was automatically part of Log4cxx if the library was found when compiling the library. As of version 1.1.0, this must be both explicitly enabled in order to be compiled in. Three preconditions must be met for this vulnerability to be possible: 1. Log4cxx compiled with ODBC support(before version 1.1.0, this was auto-detected at compile time) 2. ODBCAppender enabled for logging messages to, generally done via a config file 3. User input is logged at some point. If your application does not have user input, it is unlikely to be affected. Users are recommended to upgrade to version 1.1.0 which properly binds the parameters to the SQL statement, or migrate to the new DBAppender class which supports an ODBC connection in addition to other databases. Note that this fix does require a configuration file update, as the old configuration files will not configure properly. An example is shown below, and more information may be found in the Log4cxx documentation on the ODBCAppender. Example of old configuration snippet: <appender name="SqlODBCAppender" class="ODBCAppender"> <param name="sql" value="INSERT INTO logs (message) VALUES ('%m')" /> ... other params here ... </appender> The migrated configuration snippet with new ColumnMapping parameters: <appender name="SqlODBCAppender" class="ODBCAppender"> <param name="sql" value="INSERT INTO logs (message) VALUES (?)" /> <param name="ColumnMapping" value="message"/> ... other params here ... </appender> | ||||
| CVE-2024-9974 | 2 Oretnom23, Sourcecodester | 2 Online Eyewear Shop, Online Eyewear Shop | 2024-10-15 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=add_to_card of the component POST Request Handler. The manipulation of the argument product_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9973 | 2 Oretnom23, Sourcecodester | 2 Online Eyewear Shop, Online Eyewear Shop | 2024-10-15 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=reports of the component Report Viewing Page. The manipulation of the argument date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9813 | 1 Codezips | 1 Pharmacy Management System | 2024-10-15 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in Codezips Pharmacy Management System 1.0. This issue affects some unknown processing of the file product/register.php. The manipulation of the argument category leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9812 | 1 Code-projects | 1 Crud Operation System | 2024-10-15 | 7.3 High |
| A vulnerability classified as critical was found in code-projects Crud Operation System 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9811 | 2 Code-projects, Restaurant Reservation System Project | 2 Restaurant Reservation System, Restaurant Reservation System | 2024-10-15 | 7.3 High |
| A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. This affects an unknown part of the file filter3.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-3875 | 1 Campcodes | 1 Beauty Salon Management System | 2024-10-15 | 6.3 Medium |
| A vulnerability has been found in Campcodes Beauty Salon Management System 0.1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/del_feedback.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235237 was assigned to this vulnerability. | ||||