CVE ID | CVSS | Vendor | Exploit | Patch | Trends |
---|---|---|---|---|---|
CVE-2024-44725: AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php. | CVSS 7.2 | | - | - | |
CVE-2024-4466: SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all the data stored in the database. | CVSS 9.8 | | - | - | |
CVE-2024-44587: itsourcecode Alton Management System 1.0 is vulnerable to SQL Injection in /noncombo_save.php via the "menu" parameter. | CVSS 8.8 | | - | - | |
CVE-2024-44546: Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter. | CVSS 9.8 | Powerjob | - | - | |
CVE-2024-44542: SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter. | CVSS 9.8 | | Exploit | - | |
CVE-2024-44541: evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin." | CVSS 9.8 | | Exploit | - | |
CVE-2024-44430: SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface | CVSS 9.8 | Mayurik | Exploit | - | |
CVE-2024-44349: A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB. | CVSS 9.8 | | - | - | |
CVE-2024-4423: The access control in CemiPark software does not properly validate user-entered data, which allows the authentication bypass. An attacker who has network access to the login panel can log in with administrator rights to the application. This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products. | CVSS 7.2 | | - | - | |
CVE-2024-44004: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection. This issue affects WPCargo Track & Trace: from n/a through 7.0.6. | CVSS 9.8 | Wptaskforce | - | - | |
CVE-2024-43978: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a before 6.9.8. | CVSS 9.8 | Superstorefinder | - | - | |
CVE-2024-43976: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a through 6.9.7. | CVSS 9.8 | Superstorefinder | - | - | |
CVE-2024-43969: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection. This issue affects Spiffy Calendar: from n/a through 4.9.12. | CVSS 7.6 | Spiffyplugins | - | - | |
CVE-2024-43966: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stark Digital WP Testimonial Widget. This issue affects WP Testimonial Widget: from n/a through 3.1. | CVSS 7.2 | Wordpress, et al | - | - | |
CVE-2024-43965: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection. This issue affects SendGrid for WordPress: from n/a through 1.4. | CVSS 9.8 | Smackcoders, et al | - | - | |
CVE-2024-43943: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Woocommerce Addon allows SQL Injection. This issue affects Greenshift Woocommerce Addon: from n/a before 1.9.8. | CVSS 8.8 | Wordpress, et al | - | - | |
CVE-2024-43942: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Query and Meta Addon allows SQL Injection. This issue affects Greenshift Query and Meta Addon: from n/a before 3.9.2. | CVSS 8.8 | Wordpress, et al | - | - | |
CVE-2024-43941: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Propovoice Propovoice Pro allows SQL Injection. This issue affects Propovoice Pro: from n/a through 1.7.0.3. | CVSS 9.8 | Propovoice, et al | - | - | |
CVE-2024-43918: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection. This issue affects WBW Product Table PRO: from n/a through 1.9.4. | CVSS 9.8 | Woobewoo, et al | Exploit | - | |
CVE-2024-43917: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection. This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2. | CVSS 9.8 | Templateinvaders | Exploit | - | |
CVE-2024-43776: SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the qlevel parameter. | CVSS 8.8 | Easy test project | - | - | |
CVE-2024-43775: SQL Injection in search course titles function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter. | CVSS 8.8 | Easy test project | - | - | |
CVE-2024-43774: SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the uid parameter. | CVSS 8.8 | Easy test project | - | - | |
CVE-2024-43773: SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the cstr parameter. | CVSS 9.8 | Easy test project | - | - | |
CVE-2024-43772: SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter. | CVSS 9.8 | Easy test project | - | - | |
CVE-2024-43699: Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product. | CVSS 9.8 | Deltaww | - | Patched | |
CVE-2024-43468: Microsoft Configuration Manager Remote Code Execution Vulnerability | CVSS 9.8 | Microsoft | - | Patched | |
CVE-2024-43436: A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators. | CVSS 7.2 | Apache | - | Patched | |
CVE-2024-43415: An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module <= v0.11.1 (> 0.9.0) allows an authenticated admin user to manipulate SQL queries to disclose information, read and write files or execute commands. | CVSS 9 | Decidim | - | Patched | |
CVE-2024-43406: LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2. | CVSS 8.8 | Lfedge | Exploit | Patched | |
CVE-2024-43360: ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61. | CVSS 9.8 | Zoneminder | Exploit | Patched | |
CVE-2024-43286: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly SEO Plugin by Squirrly SEO. This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.19. | CVSS 8.5 | Squirrly | - | - | |
CVE-2024-43282: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.7.2. | CVSS 7.6 | Themeum | - | - | |
CVE-2024-43207: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Valiano Unite Gallery Lite. This issue affects Unite Gallery Lite: from n/a through 1.7.62. | CVSS 8.5 | Unitegallery | - | - | |
CVE-2024-43145: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode Ltd GeoDirectory. This issue affects GeoDirectory: from n/a through 2.3.61. | CVSS 8.5 | Ayecode | - | - | |
CVE-2024-43144: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection. This issue affects Cost Calculator Builder: from n/a through 3.2.15. | CVSS 9.8 | Stylemixthemes | - | - | |
CVE-2024-43132: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) allows SQL Injection. This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0. | CVSS 9.8 | Woocommerce, et al | - | - | |
CVE-2024-4309: SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/user/transaction.php?id=1, /user/credit-debit_transaction.php?id=1, /user/view_transaction.php?id=1 and /user/viewloantrans.php?id=1, id parameter) and retrieve the information stored in the database. | CVSS 8.1 | Id | - | - | |
CVE-2024-4308: SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/admin/view_users.php?id=1, /admin/viewloan-trans.php?id=1, /admin/view-deposit.php?id=1, /admin/view-domtrans.php?id=1, /admin/delete_cards.php?id=1, /admin/view_cards.php?id=1 and /admin/view_users.php?id=1, id parameter) and retrieve the information stored in the database. | CVSS 8.1 | Id | - | - | |
CVE-2024-4307: SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /accounts/view_cards.php?id=1, /accounts/wire-transfer.php?id=1 and /accounts/wiretransfer-pending.php?id=1, id parameter) and retrieve the information stored in the database. | CVSS 8.1 | Id | - | - | |
CVE-2024-43040: Renwoxing Enterprise Intelligent Management System before v3.0 was discovered to contain a SQL injection vulnerability via the parid parameter at /fx/baseinfo/SearchInfo. | CVSS 9.1 | | - | - | |
CVE-2024-42994: VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module. | CVSS 7.2 | Vtiger | - | - | |
CVE-2024-4295: The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | CVSS 9.8 | Wordpress, et al | Exploit | Patched | |
CVE-2024-42913: RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1. | CVSS 9.8 | Ruoyi | - | - | |
CVE-2024-42885: SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page. | CVSS 9.1 | Esafenet | - | - | |
CVE-2024-42843: Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php. | CVSS 9.8 | Projectworlds | Exploit | - | |
CVE-2024-42786: A SQL injection vulnerability in "/music/view_user.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page. | CVSS 8.8 | Lopalopa, et al | Exploit | - | |
CVE-2024-42785: A SQL injection vulnerability in /music/index.php?page=view_playlist in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter. | CVSS 8.8 | Lopalopa, et al | Exploit | - | |
CVE-2024-42784: A SQL injection vulnerability in "/music/controller.php?page=view_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter. | CVSS 9.8 | Lopalopa, et al | Exploit | - | |
CVE-2024-42783: Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. An attacker can execute arbitrary SQL commands via the "pid" parameter. | CVSS 9.8 | Lopalopa, et al | Exploit | - | |
CVE-2024-42782: A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter. | CVSS 9.8 | Lopalopa, et al | Exploit | - | |
CVE-2024-42781: A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter. | CVSS 9.8 | Lopalopa, et al | Exploit | - | |
CVE-2024-42765: A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters. | CVSS 9.8 | Kashipara | - | - | |
CVE-2024-42760: SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component. | CVSS 7.5 | | - | - | |
CVE-2024-42679: SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /ajax/Login.ashx component. | CVSS 7.8 | | Exploit | - | |
CVE-2024-42575: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php. | CVSS 9.8 | Apache | Exploit | - | |
CVE-2024-42574: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php. | CVSS 9.8 | | Exploit | - | |
CVE-2024-42573: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at dtmarks.php. | CVSS 9.8 | | Exploit | - | |
CVE-2024-42572: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php. | CVSS 9.8 | | Exploit | - | |
CVE-2024-42571: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php. | CVSS 9.8 | | - | - | |
CVE-2024-42570: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at admininsert.php. | CVSS 9.8 | | Exploit | - | |
CVE-2024-4257: A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262149 was assigned to this vulnerability. | CVSS 6.3 | | - | - | |
CVE-2024-42569: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php. | CVSS 9.8 | | - | - | |
CVE-2024-42568: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php. | CVSS 9.8 | | Exploit | - | |
CVE-2024-42567: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2. | CVSS 9.8 | | Exploit | - | |
CVE-2024-42566: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password parameter at login.php. | CVSS 9.8 | | Exploit | - | |
CVE-2024-42565: ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/contact/delete?action=delete. | CVSS 9.8 | Sap | - | - | |
CVE-2024-42564: ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/inventory/delete?action=delete. | CVSS 7.6 | | - | - | |
CVE-2024-42562: Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at preview.php. | CVSS 9.8 | | - | - | |
CVE-2024-42561: Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at sales_report.php. | CVSS 8.8 | | - | - | |
CVE-2024-42558: Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_modify_room.php. | CVSS 9.8 | | - | - | |
CVE-2024-42556: Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_removed.php. | CVSS 9.8 | | - | - | |
CVE-2024-42554: Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_added.php. | CVSS 8.8 | | - | - | |
CVE-2024-42552: Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_room_history.php. | CVSS 8.6 | | - | - | |
CVE-2024-42417: Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product. | CVSS 8.8 | Deltaww | - | Patched | |
CVE-2024-42404: SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database. | CVSS 8.8 | Welcart | - | - | |
CVE-2024-42361: Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection. | CVSS 9.8 | Dromara, et al | Exploit | Patched | |
CVE-2024-42357: Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the `aggregations` object. The `name` field in this `aggregations` object is vulnerable to SQL injection and can be exploited using SQL parameters. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin. | CVSS 9.8 | Shopware | - | Patched | |
CVE-2024-4228: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE - 522 - Insufficiently Protected Credentials vulnerability in Magarsus Consultancy SSO (Single Sign On) allows SQL Injection. This issue affects SSO (Single Sign On): from 1.0 before 1.1. | CVSS 9.8 | | - | - | |
CVE-2024-4215: pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password to authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status. | CVSS 7.4 | Pgadmin | - | Patched | |
CVE-2024-42005: An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. | CVSS 7.3 | Djangoproject | - | Patched | |
CVE-2024-41944: Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `report/data/proofofplayReport` API route inside the CMS. This allows an authenticated user to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values into the `sortBy` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. | CVSS 6.5 | Springsignage | - | - | |
CVE-2024-41915: A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster. | CVSS 7.2 | Arubanetworks | - | - | |
CVE-2024-41804: Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API route inside the CMS responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values into the `formula` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. | CVSS 6.5 | Springsignage | - | Patched | |
CVE-2024-41803: Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to obtain arbitrary data from the Xibo database by injecting specially crafted values into the API for viewing DataSet data. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. | CVSS 4.9 | Springsignage | - | Patched | |
CVE-2024-41802: Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values into the APIs for importing JSON and importing a Layout containing DataSet data. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. | CVSS 8.1 | Springsignage | - | Patched | |
CVE-2024-41702: SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | CVSS 9.8 | Siberiancms | - | - | |
CVE-2024-41679: GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17. | CVSS 6.5 | Glpi-project | - | - | |
CVE-2024-41618: Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to SQL Injection in the `transaction_delete_group` function. The vulnerability is due to improper sanitization of user input in the `TrDeleteArr` parameter, which is directly incorporated into an SQL query. | CVSS 9.8 | | - | - | |
CVE-2024-41551: CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= . | CVSS 9.8 | Campcodes | Exploit | - | |
CVE-2024-41550: CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_invoice_items.php?id= . | CVSS 7.2 | Campcodes | - | - | |
CVE-2024-41512: A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter. | CVSS 8.8 | | - | - | |
CVE-2024-4145: The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site network). | CVSS 7.2 | Wordpress, et al | Exploit | - | |
CVE-2024-41444: SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so. | CVSS 9.8 | Seacms | - | - | |
CVE-2024-41372: Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php. | CVSS 9.8 | Organizr | Exploit | - | |
CVE-2024-41370: Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php. | CVSS 9.8 | Organizr | Exploit | - | |
CVE-2024-41238: A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. | CVSS 5.3 | Lopalopa, et al | Exploit | - | |
CVE-2024-41237: A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. | CVSS 9.8 | Lopalopa, et al | Exploit | - | |
CVE-2024-41236: A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page. | CVSS 7.2 | Lopalopa, et al | Exploit | - | |
CVE-2024-4093: A vulnerability, which was classified as critical, was found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file view_application.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261822 is the identifier assigned to this vulnerability. | CVSS 6.3 | Simple subscription website project | - | - | |