Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-89

CVE IDCVSSVendorExploitPatchTrends
CVE-2024-7199A vulnerability classified as critical was found in SourceCodester Complaints Report Management System 1.0. This vulnerability affects unknown code of the file /admin/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272620.
CVSS 8.8Oretnom23, et al

Exploit

-

Trending graph for this CVE
CVE-2024-7198A vulnerability classified as critical has been found in SourceCodester Complaints Report Management System 1.0. This affects an unknown part of the file /admin/manage_station.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272619.
CVSS 8.8Oretnom23, et al

Exploit

-

Trending graph for this CVE
CVE-2024-7197A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/manage_complaint.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272618 is the identifier assigned to this vulnerability.
CVSS 8.8Oretnom23, et al

Exploit

-

Trending graph for this CVE
CVE-2024-7196A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272617 was assigned to this vulnerability.
CVSS 9.8Oretnom23, et al

Exploit

-

Trending graph for this CVE
CVE-2024-7195A vulnerability was found in itsourcecode Society Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/check_admin.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272616.
CVSS 9.8Phpgurukul, et al

Exploit

-

Trending graph for this CVE
CVE-2024-7194A vulnerability was found in itsourcecode Society Management System 1.0 and classified as critical. This issue affects some unknown processing of the file check_student.php. The manipulation of the argument student_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272615.
CVSS 8.8Phpgurukul, et al

Exploit

-

Trending graph for this CVE
CVE-2024-7191A vulnerability, which was classified as critical, has been found in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/get_balance.php. The manipulation of the argument student_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272612.
CVSS 9.8Phpgurukul, et al

Exploit

-

Trending graph for this CVE
CVE-2024-7190A vulnerability classified as critical was found in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/get_price.php. The manipulation of the argument expenses_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272611.
CVSS 9.8Phpgurukul, et al

Exploit

-

Trending graph for this CVE
CVE-2024-7188A vulnerability was found in Bylancer Quicklancer 2.4. It has been rated as critical. This issue affects some unknown processing of the file /listing of the component GET Parameter Handler. The manipulation of the argument range2 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272609 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 9.8Bylancer

Exploit

-

Trending graph for this CVE
CVE-2024-7168A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272582 is the identifier assigned to this vulnerability.
CVSS 8.8Oretnom23, et al

Exploit

-

Trending graph for this CVE
CVE-2024-7167A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /manage_course.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272581 was assigned to this vulnerability.
CVSS 8.8Oretnom23, et al

Exploit

-

Trending graph for this CVE
CVE-2024-7166A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been classified as critical. Affected is an unknown function of the file /receipt.php. The manipulation of the argument ef_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272580.
CVSS 8.8Oretnom23, et al

Exploit

-

Trending graph for this CVE
CVE-2024-7165A vulnerability was found in SourceCodester School Fees Payment System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_payment.php. The manipulation of the argument ef_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272579.
CVSS 8.8Oretnom23, et al

Exploit

-

Trending graph for this CVE
CVE-2024-7164A vulnerability has been found in SourceCodester School Fees Payment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272578 is the identifier assigned to this vulnerability.
CVSS 9.8Oretnom23, et al

Exploit

-

Trending graph for this CVE
CVE-2024-7150The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.2.57 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS 8.8Wordpress

-

-

Trending graph for this CVE
CVE-2024-7119A vulnerability, which was classified as critical, has been found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected by this issue is some unknown functionality of the file /employee_viewmore.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-272450 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8

Exploit

-

Trending graph for this CVE
CVE-2024-7118A vulnerability classified as critical was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected by this vulnerability is an unknown functionality of the file /department_viewmore.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier VDB-272449 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8

Exploit

-

Trending graph for this CVE
CVE-2024-7117A vulnerability classified as critical has been found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected is an unknown function of the file /shift_viewmore.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-272448. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8

Exploit

-

Trending graph for this CVE
CVE-2024-7116A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. It has been rated as critical. This issue affects some unknown processing of the file /branch_viewmore.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-272447. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8

Exploit

-

Trending graph for this CVE
CVE-2024-7115A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. It has been declared as critical. This vulnerability affects unknown code of the file /designation_viewmore.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-272446 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8

Exploit

-

Trending graph for this CVE
CVE-2024-7114A vulnerability was found in Tianchoy Blog up to 1.8.8. It has been classified as critical. This affects an unknown part of the file /so.php. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272445 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8Tianchoy

Exploit

-

Trending graph for this CVE
CVE-2024-7112The Pinpoint Booking System – #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘schedule’ parameter in all versions up to, and including, 2.9.9.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS 6.5Wordpress, et al

-

Patched

Trending graph for this CVE
CVE-2024-7105A vulnerability classified as critical has been found in ForIP Tecnologia Administração PABX 1.x. Affected is an unknown function of the file /detalheIdUra of the component Lista Ura Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272430 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8Forip

-

-

Trending graph for this CVE
CVE-2024-7101A vulnerability, which was classified as critical, has been found in ForIP Tecnologia Administração PABX 1.x. This issue affects some unknown processing of the file /login of the component Authentication Form. The manipulation of the argument usuario leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272423. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 7.3Forip

-

-

Trending graph for this CVE
CVE-2024-7099netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include `get_knowledge_base_name`, `from_status_to_status`, `delete_files`, and `get_file_by_status`. An attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially stealing information from the database. The issue is fixed in version 1.4.2.
CVSS LowNetease

-

-

Trending graph for this CVE
CVE-2024-7081A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file expcatadd.php. The manipulation of the argument title leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272366 is the identifier assigned to this vulnerability.
CVSS 9.8

Exploit

-

Trending graph for this CVE
CVE-2024-7078Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection.This issue affects Semtek Sempos: through 31072024.
CVSS 9.8

-

-

Trending graph for this CVE
CVE-2024-7076Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection.This issue affects Semtek Sempos: through 31072024.
CVSS 9.8

-

-

Trending graph for this CVE
CVE-2024-7071Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection.This issue affects Brain Low-Code: before 2.1.0.
CVSS 9.8Brainlowcode

-

-

Trending graph for this CVE
CVE-2024-7069A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. This issue affects some unknown processing of the file /employee_gatepass/classes/Master.php?f=delete_department. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272351.
CVSS 7.5Oretnom23, et al

Exploit

-

Trending graph for this CVE
CVE-2024-7042A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.
CVSS 9.8Langchain, et al

Exploit

Patched

Trending graph for this CVE
CVE-2024-7009Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.
CVSS 7.1Calibre-ebook

Exploit

Patched

Trending graph for this CVE
CVE-2024-6970A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file /staffcatadd.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272124.
CVSS 9.8

-

-

Trending graph for this CVE
CVE-2024-6969A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /ajax/get_patient_history.php. The manipulation of the argument patient_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272123.
CVSS 7.5Oretnom23, et al

Exploit

-

Trending graph for this CVE
CVE-2024-6968A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /print_patients_visits.php. The manipulation of the argument from/to leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272122 is the identifier assigned to this vulnerability.
CVSS 7.5Oretnom23, et al

Exploit

-

Trending graph for this CVE
CVE-2024-6967A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. This affects an unknown part of the file /employee_gatepass/admin/?page=employee/manage_employee. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272121 was assigned to this vulnerability.
CVSS 7.5Oretnom23, et al

Exploit

-

Trending graph for this CVE
CVE-2024-6966A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php of the component Login. The manipulation of the argument user/pass leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272120.
CVSS 9.8Adonesevangelista

Exploit

-

Trending graph for this CVE
CVE-2024-6957A vulnerability classified as critical has been found in itsourcecode University Management System 1.0. This affects an unknown part of the file functions.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272079.
CVSS 9.8Angeljudesuarez

Exploit

-

Trending graph for this CVE
CVE-2024-6956A vulnerability was found in itsourcecode University Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view_cgpa.php. The manipulation of the argument VR/VN leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272078 is the identifier assigned to this vulnerability.
CVSS 7.2Angeljudesuarez

Exploit

-

Trending graph for this CVE
CVE-2024-6953A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file sms.php. The manipulation of the argument customer leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272075.
CVSS 9.8Angeljudesuarez

Exploit

-

Trending graph for this CVE
CVE-2024-6952A vulnerability has been found in itsourcecode University Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view_single_result.php?vr=123321&vn=mirage. The manipulation of the argument seme leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272074 is the identifier assigned to this vulnerability.
CVSS 8.8Angeljudesuarez

Exploit

-

Trending graph for this CVE
CVE-2024-6951A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System 1.0. This affects an unknown part of the file admin_delete.php. The manipulation of the argument bookisbn leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272073 was assigned to this vulnerability.
CVSS 9.8Oretnom23, et al

Exploit

-

Trending graph for this CVE
CVE-2024-6933A vulnerability was found in LimeSurvey 6.5.14-240624. It has been rated as critical. Affected by this issue is the function actionUpdateSurveyLocaleSettingsGeneralSettings of the file /index.php?r=admin/database/index/updatesurveylocalesettings_generalsettings of the component Survey General Settings Handler. The manipulation of the argument language leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271988. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3Limesurvey

-

-

Trending graph for this CVE
CVE-2024-6928The Opti Marketing WordPress plugin through 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
CVSS 9.8Wordpress

Exploit

-

Trending graph for this CVE
CVE-2024-6926The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
CVSS 9.8Wordpress, et al

Exploit

-

Trending graph for this CVE
CVE-2024-6924The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
CVSS 9.8Wordpress

Exploit

-

Trending graph for this CVE
CVE-2024-6919Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection.This issue affects NACPremium: through 01082024.
CVSS 9.8Nac

-

-

Trending graph for this CVE
CVE-2024-6906A vulnerability was found in SourceCodester Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file add_leave_non_user.php. The manipulation of the argument LSS leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271931.
CVSS 8.8Jkev, et al

Exploit

-

Trending graph for this CVE
CVE-2024-6905A vulnerability has been found in SourceCodester Record Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_info_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271930 is the identifier assigned to this vulnerability.
CVSS 8.8Jkev, et al

Exploit

-

Trending graph for this CVE
CVE-2024-6904A vulnerability, which was classified as critical, was found in SourceCodester Record Management System 1.0. This affects an unknown part of the file sort2_user.php. The manipulation of the argument qualification leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271929 was assigned to this vulnerability.
CVSS 8.8Jkev, et al

Exploit

-

Trending graph for this CVE
CVE-2024-6903A vulnerability, which was classified as critical, has been found in SourceCodester Record Management System 1.0. Affected by this issue is some unknown functionality of the file sort1_user.php. The manipulation of the argument position leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271928.
CVSS 8.8Jkev, et al

Exploit

-

Trending graph for this CVE
CVE-2024-6902A vulnerability classified as critical was found in SourceCodester Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file sort_user.php. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271927.
CVSS 8.8Jkev, et al

Exploit

-

Trending graph for this CVE
CVE-2024-6901A vulnerability classified as critical has been found in SourceCodester Record Management System 1.0. Affected is an unknown function of the file entry.php. The manipulation of the argument school leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-271926 is the identifier assigned to this vulnerability.
CVSS 8.8Jkev, et al

Exploit

-

Trending graph for this CVE
CVE-2024-6900A vulnerability was found in SourceCodester Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file edit_emp.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271925 was assigned to this vulnerability.
CVSS 8.8Jkev, et al

Exploit

-

Trending graph for this CVE
CVE-2024-6899A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file view_info.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271924.
CVSS 9.8Jkev, et al

Exploit

-

Trending graph for this CVE
CVE-2024-6898A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument UserName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271923.
CVSS 9.8Jkev, et al

Exploit

-

Trending graph for this CVE
CVE-2024-6830A vulnerability, which was classified as critical, was found in SourceCodester Simple Inventory Management System 1.0. Affected is an unknown function of the file action.php of the component Order Handler. The manipulation of the argument order_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271812.
CVSS 7.5Oretnom23, et al

Exploit

-

Trending graph for this CVE
CVE-2024-6814This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.<br/>The specific flaw exists within the getFilterString method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.<br/> NETGEAR has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://kb.netgear.com/000066232/Security-Advisory-for-SQL-Injection-on-the-NMS300-PSV-2024-0019">https://kb.netgear.com/000066232/Security-Advisory-for-SQL-Injection-on-the-NMS300-PSV-2024-0019</a> <br/></td>
CVSS 8.8Netgear

Exploit

Patched

Trending graph for this CVE
CVE-2024-6813This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.<br/>The specific flaw exists within the getSortString method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.<br/> NETGEAR has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://kb.netgear.com/000066231/Security-Advisory-for-SQL-Injection-on-the-NMS300-PSV-2024-0018">https://kb.netgear.com/000066231/Security-Advisory-for-SQL-Injection-on-the-NMS300-PSV-2024-0018</a> <br/></td>
CVSS 8.8Netgear

Exploit

Patched

Trending graph for this CVE
CVE-2024-6808A vulnerability was found in itsourcecode Simple Task List 1.0. It has been classified as critical. This affects the function insertUserRecord of the file signUp.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271707.
CVSS 9.8Code-projects

Exploit

-

Trending graph for this CVE
CVE-2024-6803A vulnerability has been found in itsourcecode Document Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert.php. The manipulation of the argument anothercont leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271705 was assigned to this vulnerability.
CVSS 9.8

Exploit

-

Trending graph for this CVE
CVE-2024-6802A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Affected is an unknown function of the file /lms/classes/Master.php?f=save_record. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271704.
CVSS 9.8Sourcecodester

Exploit

-

Trending graph for this CVE
CVE-2024-6795In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database.  An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content and/or perform administrative operations including shutting down the database.
CVSS 9.8Baxter

-

-

CVE-2024-6748Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below are vulnerable to authenticated SQL injection in the URL monitoring.
CVSS 8.3Zohocorp

-

-

CVE-2024-6745A vulnerability classified as critical has been found in code-projects Simple Ticket Booking 1.0. Affected is an unknown function of the file adminauthenticate.php of the component Login. The manipulation of the argument email/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271476.
CVSS 9.8Code-projects

Exploit

-

CVE-2024-6743AguardNet's Space Management System does not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVSS 9.8

-

-

CVE-2024-6736A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been rated as critical. This issue affects some unknown processing of the file view_employee.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271457 was assigned to this vulnerability.
CVSS 8.8Oretnom23, et al

Exploit

-

CVE-2024-6735A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file setgeneral.php. The manipulation of the argument sitename/email/mobile/sms/currency leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271456.
CVSS 8.8Angeljudesuarez

Exploit

-

CVE-2024-6734A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file templateadd.php. The manipulation of the argument title/msg leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271455.
CVSS 8.8Angeljudesuarez

Exploit

-

CVE-2024-6733A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file templateedit.php. The manipulation of the argument id/title/msg leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271454 is the identifier assigned to this vulnerability.
CVSS 8.8Angeljudesuarez

Exploit

-

CVE-2024-6732A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. This vulnerability affects unknown code of the file /sscdms/classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271450 is the identifier assigned to this vulnerability.
CVSS 8.8Student study center desk management system project, et al

Exploit

-

CVE-2024-6731A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. This affects an unknown part of the file /Master.php?f=save_student. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271449 was assigned to this vulnerability.
CVSS 8.8Student study center desk management system project, et al

Exploit

-

CVE-2024-6729A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /control/add_act.php. The manipulation of the argument aname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271402 is the identifier assigned to this vulnerability.
CVSS 8.8Sourcecodester, et al

Exploit

-

CVE-2024-6728A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file typeedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271401 was assigned to this vulnerability.
CVSS 9.8Angeljudesuarez

Exploit

-

CVE-2024-6723The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions.
CVSS 4.7Wordpress, et al

Exploit

-

CVE-2024-6699Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mikafon Electronic Inc. Mikafon MA7 allows SQL Injection. This issue affects Mikafon MA7: from v3.0 before v3.1.
CVSS 9.8

-

-

CVE-2024-6681A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271154 is the identifier assigned to this vulnerability.
CVSS 6.3

-

-

CVE-2024-6680A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271153 was assigned to this vulnerability.
CVSS 6.3

-

-

CVE-2024-6679A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected is an unknown function of the file /api/role. The manipulation of the argument params.dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271152.
CVSS 6.3

-

-

CVE-2024-6676A vulnerability has been found in witmy my-springsecurity-plus up to 2024-07-03 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/user. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning, which is why information about affected and unaffected releases is unavailable. The associated identifier of this vulnerability is VDB-271111.
CVSS 6.3

-

-

CVE-2024-6672In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password.
CVSS 8.8Progress

-

Patched

CVE-2024-6671In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the user's encrypted password.
CVSS 9.8Progress

-

Patched

CVE-2024-6670In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users' encrypted passwords.
CVSS 9.8Progress

Exploit

Patched

CVE-2024-6666The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendor_id’ parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Accounting Manager access (erp_ac_view_sales_summary capability) and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS 8.8Wedevs, et al

-

Patched

CVE-2024-6653A vulnerability was found in code-projects Simple Task List 1.0. It has been declared as critical. This vulnerability affects unknown code of the file loginForm.php of the component Login. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271060.
CVSS 7.3

-

-

CVE-2024-6652A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file manage_member.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271059.
CVSS 8.8Adrianmercurio, et al

Exploit

-

CVE-2024-6632A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability.
CVSS 7.2Fortra

-

Patched

CVE-2024-6527SQL Injection vulnerability in parameter "w" in file "druk.php" in MegaBIP software allows an unauthorized attacker to disclose the contents of the database and obtain the administrator's token to modify the content of pages. This issue affects MegaBIP software versions through 5.13.
CVSS LowMegabip

-

-

CVE-2024-6497The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 12.3.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS 8.8Squirrly, et al

-

-

CVE-2024-6480The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS 6.4Wordpress

-

-

CVE-2024-6479The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and including, 1.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS 6.5Wordpress

-

-

CVE-2024-6471A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management 1.0. This affects an unknown part of the file sms_setting.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270279.
CVSS 8.8Sourcecodester, et al

Exploit

-

CVE-2024-6456AVEVA Historian Server has a vulnerability that, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL.
CVSS LowAveva

-

-

CVE-2024-6453A vulnerability was found in itsourcecode Farm Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /quarantine.php?id=3. The manipulation of the argument pigno/breed/reason leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-270241 was assigned to this vulnerability. NOTE: Original submission mentioned parameter pigno only but the VulDB data analysis team determined two additional parameters to be affected as well.
CVSS 8.8Angeljudesuarez

Exploit

-

CVE-2024-6452A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file AdminGoodscontroller.java. The manipulation of the argument goodsId/goodsSn/name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270235.
CVSS 6.3

-

-

CVE-2024-6440A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270168.
CVSS 9.8Home owners collection management system project

Exploit

-

CVE-2024-6438A vulnerability has been found in Hitout Carsale 1.0 and classified as critical. This vulnerability affects unknown code of the file OrderController.java. The manipulation of the argument orderBy leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-270166 is the identifier assigned to this vulnerability.
CVSS 6.5

Exploit

-

CVE-2024-6419A vulnerability classified as critical was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file /classes/Master.php?f=save_medicine. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-270010 is the identifier assigned to this vulnerability.
CVSS 9.8Oretnom23, et al

Exploit

-

CVE-2024-6418A vulnerability classified as critical has been found in SourceCodester Medicine Tracker System 1.0. This affects an unknown part of the file /classes/Users.php?f=register_user. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-270009 was assigned to this vulnerability.
CVSS 5.3Oretnom23, et al

Exploit

-

CVE-2024-6417A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action=delete_user. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270008.
CVSS 7.5Oretnom23, et al

Exploit

-
