Total
12999 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27941 | 1 Siemens | 1 Ruggedcom Crossbow | 2024-08-02 | 8.8 High |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database. | ||||
| CVE-2024-27889 | 2024-08-02 | 8.8 High | ||
| Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges. | ||||
| CVE-2024-27709 | 1 Eskooly | 1 Web Product | 2024-08-02 | 9.8 Critical |
| SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component. | ||||
| CVE-2024-27574 | 1 Trainme Acadamy | 1 Ichin | 2024-08-02 | 9.1 Critical |
| SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 allows a remote attacker to obtain sensitive information via the informacion, idcurso, and tit parameters. | ||||
| CVE-2024-27299 | 2024-08-02 | 8.8 High | ||
| phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. The vulnerable field lies in the `authorEmail` field which uses PHP's `FILTER_VALIDATE_EMAIL` filter. This filter is insufficient in protecting against SQL injection attacks and should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly can be used together with other fields to fully exploit the SQL injection vulnerability. This vulnerability is fixed in 3.2.6. | ||||
| CVE-2024-27304 | 1 Redhat | 1 Advanced Cluster Security | 2024-08-02 | 9.8 Critical |
| pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size. | ||||
| CVE-2024-27289 | 1 Redhat | 2 Advanced Cluster Security, Openshift | 2024-08-02 | 8.1 High |
| pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder. | ||||
| CVE-2024-27096 | 2024-08-02 | 7.7 High | ||
| GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in version 10.0.13. | ||||
| CVE-2024-25849 | 2024-08-01 | 9.8 Critical | ||
| In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` . | ||||
| CVE-2024-25894 | 2024-08-01 | 9.8 Critical | ||
| ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EventCount POST parameter. | ||||
| CVE-2024-25924 | 2024-08-01 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trustindex.Io WP Testimonials.This issue affects WP Testimonials: from n/a through 1.4.3. | ||||
| CVE-2024-25928 | 2024-08-01 | 7.1 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sitepact.This issue affects Sitepact: from n/a through 1.0.5. | ||||
| CVE-2024-25897 | 2024-08-01 | 9.8 Critical | ||
| ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter. | ||||
| CVE-2024-25523 | 2024-08-01 | 9.8 Critical | ||
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. | ||||
| CVE-2024-25533 | 2024-08-01 | 9.4 Critical | ||
| Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements. | ||||
| CVE-2024-25530 | 2024-08-01 | 9.8 Critical | ||
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx. | ||||
| CVE-2024-25522 | 2024-08-01 | 9.4 Critical | ||
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx. | ||||
| CVE-2024-25574 | 2024-08-01 | 8.8 High | ||
| SQL injection vulnerability exists in GetDIAE_usListParameters. | ||||
| CVE-2024-25532 | 2024-08-01 | 9.8 Critical | ||
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx. | ||||
| CVE-2024-25529 | 2024-08-01 | 9.8 Critical | ||
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx. | ||||