Total
12999 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34992 | 2024-08-02 | 8.8 High | ||
| SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via 'Tickets::getsearchedtickets()' | ||||
| CVE-2024-34988 | 2024-08-02 | 9.8 Critical | ||
| SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) <= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods `AskforaquotemodulcustomernewquoteModuleFrontController::run()`, `AskforaquotemoduladdproductnewquoteModuleFrontController::run()`, `AskforaquotemodulCouponcodeModuleFrontController::run()`, `AskforaquotemodulgetshippingcostModuleFrontController::run()`, `AskforaquotemodulgetstateModuleFrontController::run().` | ||||
| CVE-2024-34955 | 2024-08-02 | 9.8 Critical | ||
| Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter. | ||||
| CVE-2024-34928 | 1 Campcodes | 1 Complete Web-based School Management System | 2024-08-02 | 7.3 High |
| A SQL injection vulnerability in /model/update_subject_routing.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter. | ||||
| CVE-2024-34933 | 1 Campcodes | 1 Complete Web-based School Management System | 2024-08-02 | 6.3 Medium |
| A SQL injection vulnerability in /model/update_grade.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the admission_fee parameter. | ||||
| CVE-2024-34927 | 1 Campcodes | 1 Complete Web-based School Management System | 2024-08-02 | 9.8 Critical |
| A SQL injection vulnerability in /model/update_classroom.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter. | ||||
| CVE-2024-34935 | 1 Campcodes | 1 Complete Web-based School Management System | 2024-08-02 | 9.8 Critical |
| A SQL injection vulnerability in /view/conversation_history_admin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversation_id parameter. | ||||
| CVE-2024-34930 | 1 Campcodes | 1 Complete Web-based School Management System | 2024-08-02 | 5.3 Medium |
| A SQL injection vulnerability in /model/all_events1.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the month parameter. | ||||
| CVE-2024-34929 | 1 Campcodes | 1 Complete Web-based School Management System | 2024-08-02 | 9.8 Critical |
| A SQL injection vulnerability in /view/find_friends.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the my_index parameter. | ||||
| CVE-2024-34533 | 2024-08-02 | 7.3 High | ||
| A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::query_execute. | ||||
| CVE-2024-34532 | 2024-08-02 | 9.8 Critical | ||
| A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query. | ||||
| CVE-2024-34534 | 2024-08-02 | 7.3 High | ||
| A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model. | ||||
| CVE-2024-34472 | 2024-08-02 | 5.9 Medium | ||
| An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database. | ||||
| CVE-2024-34412 | 2024-08-02 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Parcel Panel ParcelPanel.This issue affects ParcelPanel: from n/a through 3.8.1. | ||||
| CVE-2024-34386 | 2024-08-02 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through 6.4.3.1. | ||||
| CVE-2024-34256 | 2024-08-02 | 9.8 Critical | ||
| OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function. | ||||
| CVE-2024-34220 | 2024-08-02 | 7.5 High | ||
| Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter. | ||||
| CVE-2024-34222 | 2024-08-02 | 5.9 Medium | ||
| Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter. | ||||
| CVE-2024-33911 | 2024-08-02 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through 10.3.4. | ||||
| CVE-2024-33801 | 2024-08-02 | 9.8 Critical | ||
| A SQL injection vulnerability in /model/get_subject_routing.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | ||||