Total: 12999 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-37870 | 1 Itsourcecode | 1 Learning Management System Project In Php | 2024-08-02 | 9.8 Critical |
SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With Source Code 1.0 allows attackers to execute arbitrary SQL commands via the id parameter. | ||||
CVE-2024-37872 | 1 Itsourcecode | 1 Billing System | 2024-08-02 | 8.1 High |
SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
CVE-2024-37802 | 2 Codeprojects, Health Care Hospital Management System Project | 2 Health Care Hospital Management System, Health Care Hospital Management System | 2024-08-02 | 9.4 Critical |
CodeProjects Health Care Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter. | ||||
CVE-2024-37799 | 1 Codeprojects | 1 Restaurant Reservation System | 2024-08-02 | 5.4 Medium |
CodeProjects Restaurant Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the reserv_id parameter at view_reservations.php. | ||||
CVE-2024-37871 | 1 Itsourcecode | 1 Online Discussion Forum | 2024-08-02 | 8.2 High |
SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the email parameter. | ||||
CVE-2024-37848 | 1 Itsource | 1 Online Bookstore Project | 2024-08-02 | 8.4 High |
SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to execute arbitrary code via the admin_delete.php component. | ||||
CVE-2024-37765 | 1 Machform | 1 Machform | 2024-08-02 | 8.8 High |
Machform up to version 19 is affected by an authenticated Blind SQL injection in the user account settings page. | ||||
CVE-2024-37831 | 1 Itsourcecode | 1 Payroll Management System | 2024-08-02 | 9.1 Critical |
Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter. | ||||
CVE-2024-37843 | 1 Craftcms | 1 Craft Cms | 2024-08-02 | 7.5 High |
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint. | ||||
CVE-2024-37857 | 1 Sourcecodester | 1 Lost And Found Information System | 2024-08-02 | 8.8 High |
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php. | ||||
CVE-2024-37840 | 1 Itsourcecode | 1 Learning Management System Project In Php | 2024-08-02 | 8.8 High |
SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter. | ||||
CVE-2024-37699 | 1 Softnews Media Group | 1 Datalife Engine | 2024-08-02 | 9.8 Critical |
An issue in DataLife Engine v.17.1 and before is vulnerable to SQL Injection in dboption. | ||||
CVE-2024-37564 | | | 2024-08-02 | 8.5 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PayPlus LTD PayPlus Payment Gateway. This issue affects PayPlus Payment Gateway: from n/a through 7.0.7. | ||||
CVE-2024-37393 | 1 Securenvoy | 2 Mfa, Multi-factor Authentication Solutions | 2024-08-02 | 9.8 Critical |
Multiple LDAP injection vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature. | ||||
CVE-2024-37381 | 1 Ivanti | 1 Endpoint Manager | 2024-08-02 | N/A |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code. | ||||
CVE-2024-37252 | 1 Icegram | 1 Email Subscribers & Newsletters | 2024-08-02 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Icegram Email Subscribers & Newsletters allows SQL Injection. This issue affects Email Subscribers & Newsletters: from n/a through 5.7.25. | ||||
CVE-2024-37148 | | | 2024-08-02 | 8.1 High |
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrade to 10.0.16. | ||||
CVE-2024-36837 | 1 Crmeb | 1 Crmeb | 2024-08-02 | 7.5 High |
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file. | ||||
CVE-2024-36840 | | | 2024-08-02 | 9.1 Critical |
SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php. | ||||
CVE-2024-36680 | | | 2024-08-02 | 7.5 High |
In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection. |