Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-89

Columns per entry: CVE ID | CVSS | Vendor | Exploit | Patch ("-" means no exploit or patch is recorded).

CVE-2024-4071 | CVSS 8.8 | Vendor: Kashipara, et al | Exploit: available | Patch: -
A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This issue affects some unknown processing of the file prodInfo.php. The manipulation of the argument prodId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261797 was assigned to this vulnerability.

CVE-2024-4070 | CVSS 6.3 | Vendor: Kashipara | Exploit: - | Patch: -
A vulnerability has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file prodList.php. The manipulation of the argument prodType leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261796.

CVE-2024-4069 | CVSS 6.3 | Vendor: Kashipara | Exploit: - | Patch: -
A vulnerability, which was classified as critical, was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file search.php. The manipulation of the argument txtSearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261795.

CVE-2024-40689 | CVSS 9.8 | Vendor: Ibm | Exploit: - | Patch: available
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719.

CVE-2024-40638 | CVSS 8.1 | Vendor: Glpi-project | Exploit: - | Patch: -
GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take control of it. Upgrade to 10.0.17.

CVE-2024-40637 | CVSS 7.8 | Vendor: - | Exploit: available | Patch: available
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it allows packages to extend and customize dbt's functionality. However, this also means that a malicious package could potentially override these components with harmful code. This issue has been fixed in versions 1.8.0, 1.6.14 and 1.7.14. Users are advised to upgrade. There are no known workarounds for this vulnerability. Users updating to either 1.6.14 or 1.7.14 will need to set `flags.require_explicit_package_overrides_for_builtin_materializations: False` in their configuration in `dbt_project.yml`.

CVE-2024-40614 | CVSS 9.8 | Vendor: Egroupware | Exploit: - | Patch: available
EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This leads to json.php?menuaction=EGroupware\Api\Etemplate\Widget\Nextmatch::ajax_get_rows sort.id SQL injection by authenticated users for Address Book or InfoLog sorting.

CVE-2024-40560 | CVSS 7.3 | Vendor: Alibaba | Exploit: - | Patch: -
Tmall_demo before v2024.07.03 was discovered to contain a SQL injection vulnerability.

CVE-2024-40542 | CVSS 9.8 | Vendor: - | Exploit: available | Patch: -
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset.

CVE-2024-40541 | CVSS 9.8 | Vendor: - | Exploit: available | Patch: -
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build.

CVE-2024-40540 | CVSS 9.8 | Vendor: - | Exploit: available | Patch: -
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept.

CVE-2024-40539 | CVSS 9.8 | Vendor: - | Exploit: available | Patch: -
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user.

CVE-2024-40502 | CVSS 9.8 | Vendor: Hospital management system project | Exploit: - | Patch: -
SQL injection vulnerability in Hospital Management System Project in ASP.Net MVC 1 allows a remote attacker to execute arbitrary code via the btn_login_b_Click function of the Loginpage.aspx.

CVE-2024-40498 | CVSS 9.8 | Vendor: Puneethreddyhc | Exploit: available | Patch: -
SQL Injection vulnerability in PuneethReddyHC Online Shopping system advanced v.1.0 allows an attacker to execute arbitrary code via the register.php.

CVE-2024-40486 | CVSS 9.8 | Vendor: Kashipara | Exploit: - | Patch: -
A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters.

CVE-2024-40479 | CVSS 8.1 | Vendor: Kashipara | Exploit: - | Patch: -
A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter.

CVE-2024-40477 | CVSS 9.8 | Vendor: Phpgurukul | Exploit: - | Patch: -
A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in PHPGurukul Old Age Home Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "email" parameter.

CVE-2024-40472 | CVSS 9.8 | Vendor: Sourcecodester, et al | Exploit: - | Patch: -
Sourcecodester Daily Calories Monitoring Tool v1.0 is vulnerable to SQL Injection via "delete-calorie.php".

CVE-2024-40456 | CVSS 9.8 | Vendor: Thinksaas | Exploit: - | Patch: -
ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php.

CVE-2024-40402 | CVSS 6.3 | Vendor: Sourcecodester | Exploit: - | Patch: -
A SQL injection vulnerability was found in 'ajax.php' of Sourcecodester Simple Library Management System 1.0. This vulnerability stems from insufficient user input validation of the 'username' parameter, allowing attackers to inject malicious SQL queries.

CVE-2024-40393 | CVSS 9.8 | Vendor: Bigprof, et al | Exploit: available | Patch: -
Online Clinic Management System In PHP With Free Source code v1.0 was discovered to contain a SQL injection vulnerability via the user parameter at login.php.

CVE-2024-40392 | CVSS 9.8 | Vendor: Sourcecodester | Exploit: - | Patch: -
SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/MySQL and Bootstrap Framework with Source Code 1.0 was discovered to contain a SQL injection vulnerability via the name parameter under addnew.php.

CVE-2024-40322 | CVSS 8.8 | Vendor: Jfinalcms project | Exploit: available | Patch: -
An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerability via /admin/div_data/data.

CVE-2024-39911 | CVSS 9.8 | Vendor: Fit2cloud | Exploit: available | Patch: available
1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2024-39909 | CVSS 6.5 | Vendor: - | Exploit: - | Patch: available
While using the Helm chart, the impact of this vulnerability is limited since it allows read access only to the kuberclarity database, to which access is already given as far as I understand to regular users anyway. On the other hand, if Kuberclarity is deployed in a less secure way, this might allow access to more data than allowed or expected (beyond the limits of the KuberClarity database). The vulnerable line was introduced as part of the initial commit of Kubeclarity, so all versions up until the latest (2.23.1) are assumed vulnerable.

CVE-2024-39907 | CVSS 9.8 | Vendor: Fit2cloud | Exploit: available | Patch: available
1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.

CVE-2024-39887 | CVSS 4.3 | Vendor: Apache | Exploit: - | Patch: available
An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new configuration key named DISALLOWED_SQL_FUNCTIONS has been introduced. This key disallows the use of the following PostgreSQL functions: version, query_to_xml, inet_server_addr, and inet_client_addr. Additional functions can be added to this list for increased protection. This issue affects Apache Superset: before 4.0.2. Users are recommended to upgrade to version 4.0.2, which fixes the issue.

CVE-2024-39843 | CVSS 6.7 | Vendor: Centreon | Exploit: - | Patch: -
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs.

CVE-2024-39842 | CVSS 7.2 | Vendor: Centreon | Exploit: - | Patch: -
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs.

CVE-2024-39841 | CVSS 8.8 | Vendor: Centreon | Exploit: available | Patch: -
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the testServiceExistence function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the apache user. Fixed in centreon-web versions: 22.04.24, 22.10.22, 23.04.18, 23.10.12, 24.04.3.

CVE-2024-39753 | CVSS 7.5 | Vendor: Trendmicro | Exploit: available | Patch: -
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is required to exploit this vulnerability. The specific flaw exists within the client management functionality. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of IUSR. Trend Micro has issued an update to correct this vulnerability. More details can be found at: https://success.trendmicro.com/dcx/s/solution/000298063

CVE-2024-39677 | CVSS 9.8 | Vendor: Nhibernate | Exploit: - | Patch: available
A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes:
- Mappings using inheritance with discriminator values: the discriminator value could be written in the mapping in a way exploiting the vulnerability of the associated discriminator type, if that type is among the vulnerable ones. The current culture settings for formatting the discriminator value type could be altered in a way resulting in SQL injections with the discriminator values.
- HQL queries referencing a static field of the application.
- Users of the SqlInsertBuilder and SqlUpdateBuilder utilities, calling their AddColumn overload taking a literal value. These overloads are unused by NHibernate but could be used by users referencing these utilities directly.
- Any direct use of the ObjectToSQLString methods for building SQL queries on the user side.

CVE-2024-39658 | CVSS 7.2 | Vendor: Salonbookingsystem | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking system allows SQL Injection. This issue affects Salon booking system: from n/a through 10.7.

CVE-2024-39653 | CVSS 9.8 | Vendor: E4jconnect | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E4J s.R.L. VikRentCar allows SQL Injection. This issue affects VikRentCar: from n/a through 1.4.0.

CVE-2024-39638 | CVSS 8.8 | Vendor: Roundupwp | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roundup WP Registrations for the Events Calendar allows SQL Injection. This issue affects Registrations for the Events Calendar: from n/a through 2.12.2.

CVE-2024-39622 | CVSS 9.8 | Vendor: Cridio | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro. This issue affects ListingPro: from n/a through 2.9.4.

CVE-2024-39620 | CVSS 8.8 | Vendor: Cridio | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection. This issue affects ListingPro: from n/a through 2.9.4.

CVE-2024-39368 | CVSS 8 | Vendor: - | Exploit: - | Patch: -
Improper neutralization of special elements used in an SQL command ('SQL Injection') in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

CVE-2024-39309 | CVSS 9.8 | Vendor: Parseplatform | Exploit: available | Patch: available
This vulnerability allows remote attackers to bypass authentication on affected installations of Parse Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the literalizeRegexPart function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to bypass authentication on the system. Parse has issued an update to correct this vulnerability. More details can be found at: https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r

CVE-2024-39304 | CVSS 8.8 | Vendor: Churchcrm | Exploit: available | Patch: available
ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to an improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQL statements directly into the database query due to inadequate sanitization of the EID parameter in a GET request to `/GetText.php`. Version 5.9.2 patches the issue.

CVE-2024-39250 | CVSS 9.8 | Vendor: - | Exploit: available | Patch: -
EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface.

CVE-2024-3922 | CVSS 9.8 | Vendor: Wordpress, et al | Exploit: available | Patch: -
The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE-2024-39072 | CVSS 5.5 | Vendor: Amttgroup | Exploit: - | Patch: -
AMTT Hotel Broadband Operation System (HiBOS) v3.0.3.151204 is vulnerable to SQL injection via manager/conference/calendar_remind.php.

CVE-2024-39027 | CVSS 7.5 | Vendor: Seacms | Exploit: available | Patch: -
SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL injection through the cid parameter at /js/player/dmplayer/dmku/index.php?ac=edit, which can cause sensitive database information to be leaked.

CVE-2024-38889 | CVSS 9.8 | Vendor: - | Exploit: - | Patch: -
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command.

CVE-2024-38872 | CVSS 8.8 | Vendor: Zohocorp | Exploit: - | Patch: available
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module.

CVE-2024-38871 | CVSS 8.8 | Vendor: Zohocorp | Exploit: - | Patch: available
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.

CVE-2024-38814 | CVSS 8.8 | Vendor: Vmware | Exploit: - | Patch: -
An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager. Updates are available to remediate this vulnerability in affected VMware products.

CVE-2024-38795 | CVSS 9.8 | Vendor: Cridio | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection. This issue affects ListingPro: from n/a through 2.9.4.

CVE-2024-38793 | CVSS 8.8 | Vendor: Pricelisto | Exploit: available | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PriceListo Best Restaurant Menu by PriceListo allows SQL Injection. This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.1.

CVE-2024-38788 | CVSS 7.2 | Vendor: Wordpress, et al | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bởi Admin 2020 UiPress lite allows SQL Injection. This issue affects UiPress lite: from n/a through 3.4.06.

CVE-2024-38773 | CVSS 9.8 | Vendor: Formlift, et al | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17.

CVE-2024-38755 | CVSS 8.8 | Vendor: Wordpress, et al | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Designinvento DirectoryPress allows SQL Injection. This issue affects DirectoryPress: from n/a through 3.6.10.

CVE-2024-38708 | CVSS 8.8 | Vendor: Ukrsolution | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows SQL Injection. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.6.1.

CVE-2024-38693 | CVSS 7.2 | Vendor: Wedevs | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection. This issue affects WP User Frontend: from n/a through 4.0.7.

CVE-2024-38692 | CVSS 7.2 | Vendor: Spiffyplugins | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection. This issue affects Spiffy Calendar: from n/a through 4.9.11.

CVE-2024-38348 | CVSS 8.8 | Vendor: Anviz, et al | Exploit: available | Patch: -
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter.

CVE-2024-38347 | CVSS 8.8 | Vendor: Anviz, et al | Exploit: available | Patch: -
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id parameter.

CVE-2024-38293 | CVSS 9.6 | Vendor: Alcasar | Exploit: - | Patch: -
ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php.

CVE-2024-38289 | CVSS 9.8 | Vendor: Rhubcom | Exploit: available | Patch: -
A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input.

CVE-2024-3816 | CVSS 9.8 | Vendor: - | Exploit: - | Patch: -
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a blind SQL Injection executed using the search bar. Only a part of observed services is vulnerable, but since the vendor has not investigated the root problem, it is hard to determine when the issue appears.

CVE-2024-3797 | CVSS 6.3 | Vendor: Easydigitaldownloads | Exploit: - | Patch: -
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-bookmark.php?bookmark=1. The manipulation of the argument bookmark leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260764.

CVE-2024-37933 | CVSS 9.3 | Vendor: Woocommerce | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anhvnit Woocommerce OpenPos. This issue affects Woocommerce OpenPos: from n/a through 6.4.4.

CVE-2024-37906 | CVSS 9.9 | Vendor: Admidio | Exploit: - | Patch: available
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of the `ecard_recipients` POST parameter is being directly concatenated with the SQL query in the source code, causing the SQL Injection. The SQL Injection can be exploited by a member user, using blind condition-based, time-based, and Out of band interaction SQL Injection payloads. This vulnerability is fixed in 4.3.9.

CVE-2024-37896 | CVSS 8.8 | Vendor: Gin-vue-admin project | Exploit: - | Patch: -
Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failing to properly enforce restrictions on user input could mean that even a basic form input field can be used to inject arbitrary and potentially dangerous SQL commands. This could lead to unauthorized access to the database, data leakage, data manipulation, or even complete compromise of the database server. This vulnerability has been addressed in commit `53d033821` which has been included in release version 2.6.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2024-37873 | CVSS 9.8 | Vendor: Payroll management system project | Exploit: available | Patch: -
SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2024-37872 | CVSS 8.1 | Vendor: Php | Exploit: - | Patch: -
SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.

CVE-2024-37871 | CVSS 8.2 | Vendor: Php | Exploit: - | Patch: -
SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the email parameter.

CVE-2024-37870 | CVSS 9.8 | Vendor: - | Exploit: - | Patch: -
SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With Source Code 1.0 allows attackers to execute arbitrary SQL commands via the id parameter.

CVE-2024-37857 | CVSS 8.8 | Vendor: Sourcecodester | Exploit: - | Patch: -
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/view_category.php.

CVE-2024-37849 | CVSS 9.8 | Vendor: - | Exploit: available | Patch: -
A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter.

CVE-2024-37848 | CVSS 8.4 | Vendor: Projectworlds | Exploit: - | Patch: -
SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to execute arbitrary code via the admin_delete.php component.

CVE-2024-37843 | CVSS 9.8 | Vendor: Craftcms | Exploit: available | Patch: -
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.

CVE-2024-37840 | CVSS 8.8 | Vendor: - | Exploit: - | Patch: -
SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter.

CVE-2024-37831 | CVSS 9.8 | Vendor: Payroll management system project | Exploit: - | Patch: -
Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter.

CVE-2024-37802 | CVSS 8.8 | Vendor: Anviz, et al | Exploit: available | Patch: -
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter.

CVE-2024-37799 | CVSS 5.4 | Vendor: - | Exploit: - | Patch: -
CodeProjects Restaurant Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the reserv_id parameter at view_reservations.php.

CVE-2024-37791 | CVSS 6 | Vendor: - | Exploit: available | Patch: -
DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability via the keyword parameter at /article/Content/index?class_id.

CVE-2024-37765 | CVSS 8.8 | Vendor: Machform | Exploit: available | Patch: -
Machform up to version 19 is affected by an authenticated Blind SQL injection in the user account settings page.

CVE-2024-3771 | CVSS 6.3 | Vendor: Phpgurukul | Exploit: - | Patch: -
A vulnerability was found in PHPGurukul Student Record System 3.20 and classified as critical. Affected by this issue is some unknown functionality of the file /edit-subject.php. The manipulation of the argument sub1/sub2/sub3/sub4/udate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260618 is the identifier assigned to this vulnerability.

CVE-2024-3770 | CVSS 6.3 | Vendor: Phpgurukul | Exploit: - | Patch: -
A vulnerability has been found in PHPGurukul Student Record System 3.20 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage-courses.php?del=1. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260617 was assigned to this vulnerability.

CVE-2024-37699 | CVSS 9.8 | Vendor: Dleviet | Exploit: - | Patch: -
An issue in DataLife Engine v.17.1 and before is vulnerable to SQL Injection in dboption.

CVE-2024-3769 | CVSS 7.3 | Vendor: Phpgurukul | Exploit: - | Patch: -
A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /login.php. The manipulation of the argument id/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260616.

CVE-2024-3768 | CVSS 6.3 | Vendor: Phpgurukul | Exploit: - | Patch: -
A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1. This issue affects some unknown processing of the file search.php. The manipulation of the argument searchtitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260615.

CVE-2024-3767 | CVSS 6.3 | Vendor: Phpgurukul | Exploit: - | Patch: -
A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260614 is the identifier assigned to this vulnerability.

CVE-2024-37564 | CVSS 8.5 | Vendor: Payplus | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PayPlus LTD PayPlus Payment Gateway. This issue affects PayPlus Payment Gateway: from n/a through 7.0.7.

CVE-2024-37494 | CVSS 8.8 | Vendor: Kainelabs | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaineLabs Youzify. This issue affects Youzify: from n/a through 1.2.5.

CVE-2024-37486 | CVSS 7.2 | Vendor: Paidmembershipspro, et al | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through 3.0.5.

CVE-2024-37393 | CVSS 7.5 | Vendor: Securenvoy | Exploit: available | Patch: -
Multiple LDAP injection vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.

CVE-2024-37381 | CVSS Low | Vendor: Ivanti | Exploit: - | Patch: -
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code.

CVE-2024-37376 | CVSS HIGH | Vendor: Ivanti | Exploit: - | Patch: -
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVE-2024-37256 | CVSS 7.2 | Vendor: Themeum | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.7.1.

CVE-2024-37252 | CVSS 9.3 | Vendor: Email-subscriber project | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Icegram Email Subscribers & Newsletters allows SQL Injection. This issue affects Email Subscribers & Newsletters: from n/a through 5.7.25.

CVE-2024-37225 | CVSS 8.8 | Vendor: Zoho | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Marketing Automation. This issue affects Zoho Marketing Automation: from n/a through 1.2.7.

CVE-2024-3720 | CVSS 6.3 | Vendor: - | Exploit: - | Patch: -
A vulnerability has been found in Tianwell Fire Intelligent Command Platform 1.1.1.1 and classified as critical. This vulnerability affects unknown code of the file /mfsNotice/page of the component API Interface. The manipulation of the argument gsdwid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260572.

CVE-2024-3719 | CVSS 6.3 | Vendor: Campcodes | Exploit: - | Patch: -
A vulnerability, which was classified as critical, was found in Campcodes House Rental Management System 1.0. This affects an unknown part of the file ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260571.

CVE-2024-37148 | CVSS 8.1 | Vendor: Glpi-project | Exploit: - | Patch: -
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrade to 10.0.16.

CVE-2024-37112 | CVSS 9.8 | Vendor: Wordpress | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7.

CVE-2024-37090 | CVSS 8.8 | Vendor: Stylemixthemes | Exploit: - | Patch: -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets. This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: from n/a through 1.3.0.

CVE-2024-3704 | CVSS 9.8 | Vendor: - | Exploit: - | Patch: -
SQL Injection Vulnerability has been found in the OpenGnsys product affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into the login page to bypass it or even retrieve all the information stored in the database.