Total: 12999 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-33292 | 1 Realisation | 1 Mgsd | 2024-08-02 | 8.2 High |
SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote attacker to obtain sensitive information via the id parameter. | ||||
CVE-2024-33410 | 1 Campcodes | 1 Complete Web-based School Management System | 2024-08-02 | 8.1 High |
SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | ||||
CVE-2024-33155 | 1 J2eefast | 1 J2eefast | 2024-08-02 | 9.8 Critical |
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. | ||||
CVE-2024-33009 | | | 2024-08-02 | 4.2 Medium |
SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application. | ||||
CVE-2024-33269 | 1 Communitydeveloper | 1 Prestaddons Flashsales | 2024-08-02 | 9.8 Critical |
SQL Injection vulnerability in Prestaddons flashsales 1.9.7 and before allows an attacker to run arbitrary SQL commands via the FsModel::getFlashSales method. | ||||
CVE-2024-33153 | 1 Dromara | 1 J2eefast | 2024-08-02 | 9.8 Critical |
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. | ||||
CVE-2024-33276 | 1 Prestashop | 1 Prestashop | 2024-08-02 | 9.8 Critical |
SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes() method. | ||||
CVE-2024-33405 | 1 Campcodes | 1 Complete Web-based School Management System | 2024-08-02 | 8.6 High |
SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the friend_index parameter. | ||||
CVE-2024-33149 | 1 J2eefast | 1 J2eefast | 2024-08-02 | 8.1 High |
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function. | ||||
CVE-2024-33272 | 1 Prestashop | 1 Prestashop | 2024-08-02 | 6.8 Medium |
SQL injection vulnerability in KnowBand for PrestaShop autosuggest before 2.0.0 allows an attacker to run arbitrary SQL commands via the AutosuggestSearchModuleFrontController::initContent(), and AutosuggestSearchModuleFrontController::getKbProducts() components. | ||||
CVE-2024-33139 | 1 J2eefast | 1 J2eefast | 2024-08-02 | 7.5 High |
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function. | ||||
CVE-2024-33124 | 1 Roothub | 1 Roothub | 2024-08-02 | 9.8 Critical |
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode() function. | ||||
CVE-2024-33144 | 1 J2eefast | 1 J2eefast | 2024-08-02 | 8.8 High |
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. | ||||
CVE-2024-33267 | 1 Htc | 1 Hero | 2024-08-02 | 9.8 Critical |
SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function. | ||||
CVE-2024-33121 | 1 Roothub | 1 Roothub | 2024-08-02 | N/A |
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function. | ||||
CVE-2024-32888 | 1 Aws | 1 Amazon-redshift-jdbc-driver | 2024-08-02 | 10 Critical |
The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection is possible when using the non-default connection property `preferQueryMode=simple` in combination with application code which has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default, extended query mode. Note that `preferQueryMode` is not a supported parameter in Redshift JDBC driver, and is inherited code from Postgres JDBC driver. Users who do not override default settings to utilize this unsupported query mode are not affected. This issue is patched in driver version 2.1.0.28. As a workaround, do not use the connection property `preferQueryMode=simple`. (NOTE: Those who do not explicitly specify a query mode use the default of extended query mode and are not affected by this issue.) | ||||
CVE-2024-32872 | | | 2024-08-02 | 5.5 Medium |
Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6, 13.0.6, as well as Umbraco Plumber version 10.1.2, contain a patch for this issue. | ||||
CVE-2024-32738 | | | 2024-08-02 | 7.5 High |
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_lean" function within MCUDBHelper. | ||||
CVE-2024-32737 | | | 2024-08-02 | 7.5 High |
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_contract_result" function within MCUDBHelper. | ||||
CVE-2024-32710 | | | 2024-08-02 | 8.5 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall. This issue affects WP-Recall: from n/a through 16.26.5. | ||||