Total
12999 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33807 | 2024-08-02 | 5.4 Medium | ||
| A SQL injection vulnerability in /model/get_teacher_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter. | ||||
| CVE-2024-33805 | 2024-08-02 | 9.8 Critical | ||
| A SQL injection vulnerability in /model/get_student.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2024-33802 | 2024-08-02 | 6.5 Medium | ||
| A SQL injection vulnerability in /model/get_student_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter. | ||||
| CVE-2024-33804 | 2024-08-02 | 6.3 Medium | ||
| A SQL injection vulnerability in /model/get_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2024-33546 | 2024-08-02 | 9.6 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10. | ||||
| CVE-2024-33559 | 2024-08-02 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5. | ||||
| CVE-2024-33551 | 2024-08-02 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore Core allows SQL Injection.This issue affects XStore Core: from n/a through 5.3.5. | ||||
| CVE-2024-33485 | 2024-08-02 | 9.8 Critical | ||
| SQL Injection vulnerability in CASAP Automated Enrollment System using PHP/MySQLi with Source Code V1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the login.php component | ||||
| CVE-2024-33544 | 2024-08-02 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10. | ||||
| CVE-2024-33444 | 1 Onethink | 1 Onethink | 2024-08-02 | 9.8 Critical |
| SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component. | ||||
| CVE-2024-33161 | 1 J2eefast | 1 J2eefast | 2024-08-02 | 5.3 Medium |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function. | ||||
| CVE-2024-33404 | 1 School Management System Project | 1 School Management System | 2024-08-02 | 8.3 High |
| A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter. | ||||
| CVE-2024-33408 | 1 Campcodes | 1 Complete Web-based School Management System | 2024-08-02 | 9.8 Critical |
| A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2024-33275 | 1 Webbax | 1 Supernewsletter | 2024-08-02 | 9.8 Critical |
| SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components. | ||||
| CVE-2024-33268 | 1 Prestashopmodules | 1 Mdgiftproduct | 2024-08-02 | 9.8 Critical |
| SQL Injection vulnerability in Digincube mdgiftproduct before 1.4.1 allows an attacker to run arbitrary SQL commands via the MdGiftRule::addGiftToCart method. | ||||
| CVE-2024-33406 | 1 Campcodes | 1 Complete Web-based School Management System | 2024-08-02 | 7.3 High |
| SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter. | ||||
| CVE-2024-33407 | 1 Campcodes | 1 Complete Web-based School Management System | 2024-08-02 | 5.9 Medium |
| SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2024-33411 | 1 Campcodes | 1 Complete Web-based School Management System | 2024-08-02 | 9.8 Critical |
| A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter. | ||||
| CVE-2024-33332 | 1 Smallchill | 1 Springblade | 2024-08-02 | N/A |
| An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant. | ||||
| CVE-2024-33402 | 1 Campcodes | 1 Complete Web-based School Management System | 2024-08-02 | 8.1 High |
| A SQL injection vulnerability in /model/approve_petty_cash.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. | ||||