Total
13005 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-9035 | 1 Code-projects | 1 Blood Bank System | 2024-09-26 | 7.3 High |
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php of the component Admin Login. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-9034 | 1 Code-projects | 1 Patient Code Management System | 2024-09-26 | 7.3 High |
A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-9037 | 1 Codezips | 1 Internal Marks Calculation | 2024-09-26 | 7.3 High |
A vulnerability classified as critical has been found in Codezips Internal Marks Calculation 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-39843 | 1 Centreon | 1 Centreon | 2024-09-26 | 6.7 Medium |
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs. | ||||
CVE-2024-7735 | 1 Exnet Informatics Software | 1 Ferry Reservation System | 2024-09-26 | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Exnet Informatics Software Ferry Reservation System allows SQL Injection. This issue affects Ferry Reservation System: before 240805-002. | ||||
CVE-2024-39842 | 1 Centreon | 1 Centreon | 2024-09-26 | 7.2 High |
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs. | ||||
CVE-2024-8436 | 1 Hahncgdev | 1 Wp Easy Gallery Wordpress Gallery Plugin | 2024-09-26 | 9.9 Critical |
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'edit_imageId' and 'edit_imageDelete' parameters in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
CVE-2023-38891 | 1 Vtiger | 1 Vtiger Crm | 2024-09-25 | 8.8 High |
SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php. | ||||
CVE-2023-38912 | 1 Superstorefinder | 1 Php Script | 2024-09-25 | 9.8 Critical |
SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter. | ||||
CVE-2023-39639 | 1 Leotheme | 1 Leoblog | 2024-09-25 | 9.8 Critical |
LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the component LeoBlogBlog::getListBlogs. | ||||
CVE-2023-39641 | 1 Activedesign | 1 Full Affiliates | 2024-09-25 | 9.8 Critical |
Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent(). | ||||
CVE-2023-39642 | 1 Carts.guru | 1 Cartsguru | 2024-09-25 | 9.8 Critical |
Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::display(). | ||||
CVE-2023-40955 | 1 Didotech | 1 Engineering & Lifecycle Management | 2024-09-25 | 8.8 High |
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/base_client.py component. | ||||
CVE-2023-40956 | 1 Cloudroits | 1 Wesite Job Search | 2024-09-25 | 8.8 High |
A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component. | ||||
CVE-2023-40957 | 1 Didotech | 1 Engineering & Lifecycle Management | 2024-09-25 | 8.8 High |
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the request parameter in models/base_client.py component. | ||||
CVE-2023-40958 | 1 Didotech | 1 Engineering & Lifecycle Management | 2024-09-25 | 8.8 High |
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/base_client.py component. | ||||
CVE-2023-39643 | 1 Blmodules | 1 Xmlfeeds Pro | 2024-09-25 | 9.8 Critical |
Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds(). | ||||
CVE-2023-4766 | 1 Movus | 1 Movus | 2024-09-25 | 9.8 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Movus allows SQL Injection. This issue affects Movus: before 20230913. | ||||
CVE-2023-4832 | 1 Acekaholding | 1 Company Management | 2024-09-25 | 9.8 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aceka Company Management allows SQL Injection. This issue affects Company Management: before 3072. | ||||
CVE-2024-8945 | 2 Codecanyon, Fairsketch | 2 Rise Ultimate Project Manager, Rise Ultimate Project Manager | 2024-09-25 | 5.5 Medium |
A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. |