Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-89

| CVE ID | Description | CVSS | Vendor | Exploit | Patch |
|---|---|---|---|---|---|
| CVE-2024-44725 | AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php. | 7.2 | | - | - |
| CVE-2024-4466 | SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all the data stored in the database. | 9.8 | | - | - |
| CVE-2024-44587 | itsourcecode Alton Management System 1.0 is vulnerable to SQL Injection in /noncombo_save.php via the "menu" parameter. | 8.8 | | - | - |
| CVE-2024-44546 | Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter. | 9.8 | Powerjob | - | - |
| CVE-2024-44542 | SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter. | 9.8 | | Exploit | - |
| CVE-2024-44541 | evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin." | 9.8 | | Exploit | - |
| CVE-2024-44430 | SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface. | 9.8 | Mayurik | Exploit | - |
| CVE-2024-44349 | A SQL injection vulnerability in the login portal of AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclose some data in the underlying DB. | 9.8 | | - | - |
| CVE-2024-4423 | The access control in CemiPark software does not properly validate user-entered data, which allows authentication bypass. An attacker who has network access to the login panel can log in with administrator rights to the application. This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products. | 7.2 | | - | - |
| CVE-2024-44004 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection. This issue affects WPCargo Track & Trace: from n/a through 7.0.6. | 9.8 | Wptaskforce | - | - |
| CVE-2024-43978 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a before 6.9.8. | 9.8 | Superstorefinder | - | - |
| CVE-2024-43976 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a through 6.9.7. | 9.8 | Superstorefinder | - | - |
| CVE-2024-43969 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection. This issue affects Spiffy Calendar: from n/a through 4.9.12. | 7.6 | Spiffyplugins | - | - |
| CVE-2024-43966 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stark Digital WP Testimonial Widget. This issue affects WP Testimonial Widget: from n/a through 3.1. | 7.2 | Wordpress, et al | - | - |
| CVE-2024-43965 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection. This issue affects SendGrid for WordPress: from n/a through 1.4. | 9.8 | Smackcoders, et al | - | - |
| CVE-2024-43943 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Woocommerce Addon allows SQL Injection. This issue affects Greenshift Woocommerce Addon: from n/a before 1.9.8. | 8.8 | Wordpress, et al | - | - |
| CVE-2024-43942 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Query and Meta Addon allows SQL Injection. This issue affects Greenshift Query and Meta Addon: from n/a before 3.9.2. | 8.8 | Wordpress, et al | - | - |
| CVE-2024-43941 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Propovoice Propovoice Pro allows SQL Injection. This issue affects Propovoice Pro: from n/a through 1.7.0.3. | 9.8 | Propovoice, et al | - | - |
| CVE-2024-43918 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection. This issue affects WBW Product Table PRO: from n/a through 1.9.4. | 9.8 | Woobewoo, et al | Exploit | - |
| CVE-2024-43917 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection. This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2. | 9.8 | Templateinvaders | Exploit | - |
| CVE-2024-43776 | SQL Injection in the mock exam function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the qlevel parameter. | 8.8 | Easy test project | - | - |
| CVE-2024-43775 | SQL Injection in the search course titles function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter. | 8.8 | Easy test project | - | - |
| CVE-2024-43774 | SQL Injection in the download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the uid parameter. | 8.8 | Easy test project | - | - |
| CVE-2024-43773 | SQL Injection in the download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the cstr parameter. | 9.8 | Easy test project | - | - |
| CVE-2024-43772 | SQL Injection in the download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter. | 9.8 | Easy test project | - | - |
| CVE-2024-43699 | Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product. | 9.8 | Deltaww | - | Patched |
| CVE-2024-43468 | Microsoft Configuration Manager Remote Code Execution Vulnerability | 9.8 | Microsoft | - | Patched |
| CVE-2024-43436 | A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators. | 7.2 | Apache | - | Patched |
| CVE-2024-43415 | An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module <= v0.11.1 (> 0.9.0) allows an authenticated admin user to manipulate SQL queries to disclose information, read and write files or execute commands. | 9 | Decidim | - | Patched |
| CVE-2024-43406 | LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constrained edge devices. A user could utilize and exploit SQL Injection to allow the execution of a malicious SQL query via the Get method in sqlKvStore. This vulnerability is fixed in 1.14.2. | 8.8 | Lfedge | Exploit | Patched |
| CVE-2024-43360 | ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61. | 9.8 | Zoneminder | Exploit | Patched |
| CVE-2024-43286 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly SEO Plugin by Squirrly SEO. This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.19. | 8.5 | Squirrly | - | - |
| CVE-2024-43282 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.7.2. | 7.6 | Themeum | - | - |
| CVE-2024-43207 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Valiano Unite Gallery Lite. This issue affects Unite Gallery Lite: from n/a through 1.7.62. | 8.5 | Unitegallery | - | - |
| CVE-2024-43145 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode Ltd GeoDirectory. This issue affects GeoDirectory: from n/a through 2.3.61. | 8.5 | Ayecode | - | - |
| CVE-2024-43144 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection. This issue affects Cost Calculator Builder: from n/a through 3.2.15. | 9.8 | Stylemixthemes | - | - |
| CVE-2024-43132 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) allows SQL Injection. This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0. | 9.8 | Woocommerce, et al | - | - |
| CVE-2024-4309 | SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/user/transaction.php?id=1, /user/credit-debit_transaction.php?id=1, /user/view_transaction.php?id=1 and /user/viewloantrans.php?id=1, id parameter) and retrieve the information stored in the database. | 8.1 | Id | - | - |
| CVE-2024-4308 | SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/admin/view_users.php?id=1, /admin/viewloan-trans.php?id=1, /admin/view-deposit.php?id=1, /admin/view-domtrans.php?id=1, /admin/delete_cards.php?id=1, /admin/view_cards.php?id=1 and /admin/view_users.php?id=1, id parameter) and retrieve the information stored in the database. | 8.1 | Id | - | - |
| CVE-2024-4307 | SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /accounts/view_cards.php?id=1, /accounts/wire-transfer.php?id=1 and /accounts/wiretransfer-pending.php?id=1, id parameter) and retrieve the information stored in the database. | 8.1 | Id | - | - |
| CVE-2024-43040 | Renwoxing Enterprise Intelligent Management System before v3.0 was discovered to contain a SQL injection vulnerability via the parid parameter at /fx/baseinfo/SearchInfo. | 9.1 | | - | - |
| CVE-2024-42994 | VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module. | 7.2 | Vtiger | - | - |
| CVE-2024-4295 | The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the 'hash' parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 9.8 | Wordpress, et al | Exploit | Patched |
| CVE-2024-42913 | RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1. | 9.8 | Ruoyi | - | - |
| CVE-2024-42885 | SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page. | 9.1 | Esafenet | - | - |
| CVE-2024-42843 | Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php. | 9.8 | Projectworlds | Exploit | - |
| CVE-2024-42786 | A SQL injection vulnerability in "/music/view_user.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of the View User Profile page. | 8.8 | Lopalopa, et al | Exploit | - |
| CVE-2024-42785 | A SQL injection vulnerability in /music/index.php?page=view_playlist in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter. | 8.8 | Lopalopa, et al | Exploit | - |
| CVE-2024-42784 | A SQL injection vulnerability in "/music/controller.php?page=view_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter. | 9.8 | Lopalopa, et al | Exploit | - |
| CVE-2024-42783 | Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. An attacker can execute arbitrary SQL commands via the "pid" parameter. | 9.8 | Lopalopa, et al | Exploit | - |
| CVE-2024-42782 | A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter. | 9.8 | Lopalopa, et al | Exploit | - |
| CVE-2024-42781 | A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass login via the email parameter. | 9.8 | Lopalopa, et al | Exploit | - |
| CVE-2024-42765 | A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass login via the "email" or "password" login page parameters. | 9.8 | Kashipara | - | - |
| CVE-2024-42760 | SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component. | 7.5 | | - | - |
| CVE-2024-42679 | SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /ajax/Login.ashx component. | 7.8 | | Exploit | - |
| CVE-2024-42575 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php. | 9.8 | Apache | Exploit | - |
| CVE-2024-42574 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php. | 9.8 | | Exploit | - |
| CVE-2024-42573 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at dtmarks.php. | 9.8 | | Exploit | - |
| CVE-2024-42572 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php. | 9.8 | | Exploit | - |
| CVE-2024-42571 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php. | 9.8 | | - | - |
| CVE-2024-42570 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at admininsert.php. | 9.8 | | Exploit | - |
| CVE-2024-4257 | A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262149 was assigned to this vulnerability. | 6.3 | | - | - |
| CVE-2024-42569 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php. | 9.8 | | - | - |
| CVE-2024-42568 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php. | 9.8 | | Exploit | - |
| CVE-2024-42567 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2. | 9.8 | | Exploit | - |
| CVE-2024-42566 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password parameter at login.php. | 9.8 | | Exploit | - |
| CVE-2024-42565 | ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/contact/delete?action=delete. | 9.8 | Sap | - | - |
| CVE-2024-42564 | ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/inventory/delete?action=delete. | 7.6 | | - | - |
| CVE-2024-42562 | Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at preview.php. | 9.8 | | - | - |
| CVE-2024-42561 | Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at sales_report.php. | 8.8 | | - | - |
| CVE-2024-42558 | Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_modify_room.php. | 9.8 | | - | - |
| CVE-2024-42556 | Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_removed.php. | 9.8 | | - | - |
| CVE-2024-42554 | Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_added.php. | 8.8 | | - | - |
| CVE-2024-42552 | Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_room_history.php. | 8.6 | | - | - |
| CVE-2024-42417 | Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product. | 8.8 | Deltaww | - | Patched |
| CVE-2024-42404 | SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can log in to the product to obtain or alter the information stored in the database. | 8.8 | Welcart | - | - |
| CVE-2024-42361 | Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection. | 9.8 | Dromara, et al | Exploit | Patched |
| CVE-2024-42357 | Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the `aggregations` object. The `name` field in this `aggregations` object is vulnerable to SQL injection and can be exploited using SQL parameters. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin. | 9.8 | Shopware | - | Patched |
| CVE-2024-4228 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-200 Exposure of Sensitive Information to an Unauthorized Actor, CWE-522 Insufficiently Protected Credentials vulnerability in Magarsus Consultancy SSO (Single Sign On) allows SQL Injection. This issue affects SSO (Single Sign On): from 1.0 before 1.1. | 9.8 | | - | - |
| CVE-2024-4215 | pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account's username and password to authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account's MFA enrollment status. | 7.4 | Pgadmin | - | Patched |
| CVE-2024-42005 | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. | 7.3 | Djangoproject | - | Patched |
| CVE-2024-41944 | Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `report/data/proofofplayReport` API route inside the CMS. This allows an authenticated user to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values into the `sortBy` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. | 6.5 | Springsignage | - | - |
| CVE-2024-41915 | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database, potentially leading to complete compromise of the ClearPass Policy Manager cluster. | 7.2 | Arubanetworks | - | - |
| CVE-2024-41804 | Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API route inside the CMS responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values into the `formula` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. | 6.5 | Springsignage | - | Patched |
| CVE-2024-41803 | Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to obtain arbitrary data from the Xibo database by injecting specially crafted values into the API for viewing DataSet data. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. | 4.9 | Springsignage | - | Patched |
| CVE-2024-41802 | Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values into the APIs for importing JSON and importing a Layout containing DataSet data. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. | 8.1 | Springsignage | - | Patched |
| CVE-2024-41702 | SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 9.8 | Siberiancms | - | - |
| CVE-2024-41679 | GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17. | 6.5 | Glpi-project | - | - |
| CVE-2024-41618 | Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to SQL Injection in the `transaction_delete_group` function. The vulnerability is due to improper sanitization of user input in the `TrDeleteArr` parameter, which is directly incorporated into an SQL query. | 9.8 | | - | - |
| CVE-2024-41551 | CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via the id parameter of Supply_Management_System/admin/view_order_items.php. | 9.8 | Campcodes | Exploit | - |
| CVE-2024-41550 | CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via the id parameter of Supply_Management_System/admin/view_invoice_items.php. | 7.2 | Campcodes | - | - |
| CVE-2024-41512 | A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter. | 8.8 | | - | - |
| CVE-2024-4145 | The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site network). | 7.2 | Wordpress, et al | Exploit | - |
| CVE-2024-41444 | SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so. | 9.8 | Seacms | - | - |
| CVE-2024-41372 | Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php. | 9.8 | Organizr | Exploit | - |
| CVE-2024-41370 | Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php. | 9.8 | Organizr | Exploit | - |
| CVE-2024-41238 | A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. | 5.3 | Lopalopa, et al | Exploit | - |
| CVE-2024-41237 | A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. | 9.8 | Lopalopa, et al | Exploit | - |
| CVE-2024-41236 | A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login page. | 7.2 | Lopalopa, et al | Exploit | - |
| CVE-2024-4093 | A vulnerability, which was classified as critical, was found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file view_application.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261822 is the identifier assigned to this vulnerability. | 6.3 | Simple subscription website project | - | - |