CVE ID | Description | CVSS | Vendor | Exploit | Patch | Trends |
---|---|---|---|---|---|---|
CVE-2024-48411 | itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to SQL Injection (SQLI) via a crafted payload to the val-email parameter in forget_password.php. | CVSS 9.8 | | - | - | |
CVE-2024-48357 | LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /admin/apply.php. | CVSS 9.8 | Lylme | - | - | |
CVE-2024-48356 | LyLme Spage <=1.6.0 is vulnerable to SQL Injection via /admin/group.php. | CVSS 9.8 | Lylme | - | - | |
CVE-2024-48343 | A SQL Injection vulnerability in ESAFENET CDG 5 and earlier allows an attacker to execute arbitrary code via the id parameter of the dataSearch.jsp page. | CVSS 6.3 | Esafenet | - | - | |
CVE-2024-48325 | Portabilis i-Educar 2.8.0 is vulnerable to SQL Injection in the "getDocuments" function of the "InstituicaoDocumentacaoController" class. The "instituicao_id" parameter in "/module/Api/InstituicaoDocumentacao?oper=get&resource=getDocuments&instituicao_id" is not properly sanitized, allowing an unauthenticated remote attacker to inject malicious SQL commands. | CVSS 8.1 | Portabilis | - | - | |
CVE-2024-48307 | JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData. | CVSS HIGH | Jeecg | - | Patched | |
CVE-2024-48283 | Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter. | CVSS 9.8 | Phpgurukul | - | - | |
CVE-2024-48282 | A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the femail parameter in a POST HTTP request. | CVSS 7.6 | Phpgurukul | - | - | |
CVE-2024-48280 | A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands via the fromdate parameter in a POST HTTP request. | CVSS 7.6 | Phpgurukul | - | - | |
CVE-2024-4826 | SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9. This vulnerability could allow an attacker to retrieve all the information stored in the database by sending a specially crafted SQL query, due to the lack of proper sanitisation of the category_id parameter in the category.php file. | CVSS 9.8 | | - | - | |
CVE-2024-48259 | Cloudlog 2.6.15 allows Oqrs.php request_form SQL injection via station_id or callsign. | CVSS 7.3 | Magicbug | - | - | |
CVE-2024-48257 | Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes station_id SQL injection. | CVSS 9.8 | | Exploit | Patched | |
CVE-2024-48255 | Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection. | CVSS 9.8 | Magicbug | - | - | |
CVE-2024-48253 | Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection. | CVSS 9.8 | Magicbug | - | - | |
CVE-2024-48251 | Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode. | CVSS 9.8 | | Exploit | Patched | |
CVE-2024-48249 | Wavelog 1.8.5 allows Gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode. | CVSS 7.3 | | - | - | |
CVE-2024-4824 | Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/office_admin/' index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the database. | CVSS 9.8 | Arox | - | - | |
CVE-2024-48238 | WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter. | CVSS 4.7 | Wtcms project | - | - | |
CVE-2024-48231 | Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \app\backend\controller\auth\Auth.php. | CVSS 7.2 | Funadmin | - | Patched | |
CVE-2024-48230 | funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php. | CVSS 7.2 | Funadmin | Exploit | Patched | |
CVE-2024-48229 | funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin. | CVSS 7.2 | Funadmin | - | Patched | |
CVE-2024-48226 | Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield. | CVSS 7.2 | Funadmin | Exploit | Patched | |
CVE-2024-48225 | Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile. | CVSS 6.5 | Funadmin | Exploit | Patched | |
CVE-2024-48224 | Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile. | CVSS 4.9 | Funadmin | Exploit | Patched | |
CVE-2024-48223 | Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist. | CVSS 7.2 | Funadmin | Exploit | Patched | |
CVE-2024-48222 | Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit. | CVSS 7.2 | Funadmin | Exploit | Patched | |
CVE-2024-48218 | Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list. | CVSS 7.2 | Funadmin | Exploit | Patched | |
CVE-2024-48177 | MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do. | CVSS 8.8 | Mrcms | - | - | |
CVE-2024-4808 | A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0. Affected is an unknown function of the file delete_faculty.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263928. | CVSS 6.3 | Kashipara | - | - | |
CVE-2024-4807 | A vulnerability, which was classified as critical, has been found in Kashipara College Management System 1.0. This issue affects some unknown processing of the file delete_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263927. | CVSS 6.3 | Kashipara | - | - | |
CVE-2024-4806 | A vulnerability classified as critical was found in Kashipara College Management System 1.0. This vulnerability affects unknown code of the file each_extracurricula_activities.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263926 is the identifier assigned to this vulnerability. | CVSS 6.3 | Kashipara | - | - | |
CVE-2024-4805 | A vulnerability classified as critical has been found in Kashipara College Management System 1.0. This affects an unknown part of the file edit_faculty.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263925 was assigned to this vulnerability. | CVSS 6.3 | Kashipara | - | - | |
CVE-2024-48043 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ShortPixel ShortPixel Image Optimizer allows Blind SQL Injection. This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3. | CVSS 7.6 | Shortpixel | - | - | |
CVE-2024-48040 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tainacan.Org Tainacan allows SQL Injection. This issue affects Tainacan: from n/a through 0.21.8. | CVSS 8.5 | Tainacan | - | - | |
CVE-2024-4804 | A vulnerability was found in Kashipara College Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263924. | CVSS 6.3 | Kashipara | - | - | |
CVE-2024-4803 | A vulnerability was found in Kashipara College Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file submit_admin.php. The manipulation of the argument phone leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263923. | CVSS 6.3 | Kashipara | - | - | |
CVE-2024-48020 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Revmakx Backup and Staging by WP Time Capsule allows SQL Injection. This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.21. | CVSS 8.5 | Revmakx, et al | - | - | |
CVE-2024-4802 | A vulnerability was found in Kashipara College Management System 1.0. It has been classified as critical. Affected is an unknown function of the file submit_extracurricular_activity.php. The manipulation of the argument activity_datetime leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263922 is the identifier assigned to this vulnerability. | CVSS 6.3 | Kashipara | - | - | |
CVE-2024-4801 | A vulnerability was found in Kashipara College Management System 1.0 and classified as critical. This issue affects some unknown processing of the file submit_new_faculty.php. The manipulation of the argument address leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263921 was assigned to this vulnerability. | CVSS 6.3 | Kashipara | - | - | |
CVE-2024-4800 | A vulnerability has been found in Kashipara College Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file submit_student.php. The manipulation of the argument date_of_birth leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263920. | CVSS 6.3 | Kashipara | - | - | |
CVE-2024-4799 | A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0. This affects an unknown part of the file view_each_faculty.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263919. | CVSS 6.3 | Kashipara | - | - | |
CVE-2024-4798 | A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /admin/maintenance/manage_brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263918 is the identifier assigned to this vulnerability. | CVSS 6.3 | Sourcecodester | - | - | |
CVE-2024-4796 | A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been classified as critical. This affects an unknown part of the file /manage_inv.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263895. | CVSS 6.3 | Campcodes | - | - | |
CVE-2024-4795 | A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263894 is the identifier assigned to this vulnerability. | CVSS 6.3 | Campcodes | - | - | |
CVE-2024-4794 | A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage_receiving.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263893 was assigned to this vulnerability. | CVSS 6.3 | Campcodes | - | - | |
CVE-2024-4793 | A vulnerability, which was classified as critical, was found in Campcodes Online Laundry Management System 1.0. Affected is an unknown function of the file /manage_laundry.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263892. | CVSS 6.3 | Campcodes | - | - | |
CVE-2024-4792 | A vulnerability, which was classified as critical, has been found in Campcodes Online Laundry Management System 1.0. This issue affects some unknown processing of the file /admin_class.php. The manipulation of the argument id/delete_category/delete_inv/delete_laundry/delete_supply/delete_user/login/save_inv/save_user leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263891. | CVSS 6.3 | Campcodes | - | - | |
CVE-2024-47911 | In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands. | CVSS 6.7 | Sonarsource | - | - | |
CVE-2024-47881 | OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the `database` extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load (local or remote) extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. Version 3.8.3 fixes this issue. | CVSS 8.8 | Openrefine | Exploit | Patched | |
CVE-2024-47849 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection. This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | CVSS 9.8 | Mediawiki | Exploit | Patched | |
CVE-2024-47487 | There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary SQL queries. | CVSS 8.8 | Hikvision | - | Patched | |
CVE-2024-47483 | Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | CVSS 5.5 | Dell | - | Patched | |
CVE-2024-4743 | The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlms_favorites shortcode in all versions up to, and including, 7.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | CVSS 6.5 | Wordpress, et al | - | Patched | |
CVE-2024-4742 | The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | CVSS 8.8 | Kainelabs, et al | - | - | |
CVE-2024-47350 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Ajax Search allows SQL Injection. This issue affects YITH WooCommerce Ajax Search: from n/a through 2.8.0. | CVSS 9.3 | Yithemes | - | - | |
CVE-2024-47338 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExpertsio WPExperts Square For GiveWP allows SQL Injection. This issue affects WPExperts Square For GiveWP: from n/a through 1.3. | CVSS 7.6 | Wpexperts | - | - | |
CVE-2024-47335 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Form Bit Form – Contact Form Plugin allows SQL Injection. This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.11. | CVSS 7.6 | Bitapps | - | - | |
CVE-2024-47334 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Flow Zoho Flow for WordPress allows SQL Injection. This issue affects Zoho Flow for WordPress: from n/a through 2.7.1. | CVSS 7.6 | Zoho, et al | - | - | |
CVE-2024-47331 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection. This issue affects Multi Step for Contact Form: from n/a through 2.7.7. | CVSS 9.8 | Ninjateam | - | - | |
CVE-2024-47328 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Automation By Autonami allows SQL Injection. This issue affects Automation By Autonami: from n/a through 3.1.2. | CVSS 7.2 | Funnelkit | - | - | |
CVE-2024-47325 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7. | CVSS 8.8 | Themeisle | - | - | |
CVE-2024-47312 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPGrim Classic Editor and Classic Widgets allows SQL Injection. This issue affects Classic Editor and Classic Widgets: from n/a through 1.4.1. | CVSS 8.5 | Wpgrim | - | - | |
CVE-2024-47304 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support allows SQL Injection. This issue affects Fluent Support: from n/a through 1.8.0. | CVSS 8.5 | Wpmanageninja | - | - | |
CVE-2024-47223 | A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access non-sensitive user provisioning information and execute arbitrary SQL database commands. | CVSS 9.4 | Mitel | - | - | |
CVE-2024-47189 | The API Interface of the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of specific details to access non-sensitive user provisioning information and execute arbitrary SQL database commands. | CVSS 7.7 | Mitel | - | - | |
CVE-2024-47062 | Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furthermore, the names of the parameters are not properly escaped, leading to SQL Injections. Finally, the username is used in a `LIKE` statement, allowing people to log in with `%` instead of their username. When adding parameters to the URL, they are automatically included in an SQL `LIKE` statement (depending on the parameter's name). This allows attackers to potentially retrieve arbitrary information. For example, attackers can use the following request to test whether some encrypted passwords start with `AAA`. This results in an SQL query like `password LIKE 'AAA%'`, allowing attackers to slowly brute-force passwords. When adding parameters to the URL, they are automatically added to an SQL query. The names of the parameters are not properly escaped. This behavior can be used to inject arbitrary SQL code (SQL Injection). These vulnerabilities can be used to leak information and dump the contents of the database and have been addressed in release version 0.53.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS HIGH | Navidrome | - | - | |
CVE-2024-46903 | A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | CVSS 6.5 | Trendmicro | - | Patched | |
CVE-2024-46902 | A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute high-privileged code (admin user rights) on the target system in order to exploit this vulnerability. | CVSS 9.1 | Trendmicro | - | Patched | |
CVE-2024-46626 | OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload. | CVSS 8.8 | Os4ed | - | - | |
CVE-2024-4654 | A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTI_CODE leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263499. | CVSS 6.3 | | - | - | |
CVE-2024-46532 | SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component. | CVSS 9.8 | | - | - | |
CVE-2024-46531 | phpgurukul Vehicle Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchinputdata parameter at /index.php. | CVSS 6.3 | Phpgurukul | - | - | |
CVE-2024-4653 | A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /xds/outIndex.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263498 is the identifier assigned to this vulnerability. | CVSS 6.3 | | - | - | |
CVE-2024-46510 | ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface. | CVSS 7.6 | Esafenet | - | - | |
CVE-2024-46472 | CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter 'email' in the Login Page. | CVSS 8.6 | Codeastro | - | - | |
CVE-2024-46382 | A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminGoodscontroller.java. | CVSS 7.5 | Litemall project | Exploit | - | |
CVE-2024-46374 | Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php. | CVSS 9.8 | Mayurik | - | - | |
CVE-2024-46257 | A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5. | CVSS 6.3 | Nginxproxymanager | - | - | |
CVE-2024-46078 | itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id. | CVSS 7.5 | | - | - | |
CVE-2024-45999 | A SQL Injection vulnerability was discovered in Cloudlog 2.6.15, specifically within the get_station_info() function located in the file /application/models/Oqrs_model.php. The vulnerability is exploitable via the station_id parameter. | CVSS 9.8 | Magicbug | Exploit | - | |
CVE-2024-4595 | A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is the function locate of the file function.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263317 was assigned to this vulnerability. | CVSS 6.3 | Sem-cms | - | - | |
CVE-2024-45918 | Fujian Kelixin Communication Command and Dispatch Platform <=7.6.6.4391 is vulnerable to SQL Injection via /client/get_gis_fence.php. | CVSS 9.8 | | - | - | |
CVE-2024-45794 | devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user (with minimum permission) could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API (/orchestrator/user). This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS 8.3 | Uipath | - | Patched | |
CVE-2024-45771 | RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter at /resource/runlogin.php. | CVSS 9.8 | Openrapid | - | - | |
CVE-2024-45767 | Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | CVSS 4.3 | Dell | - | - | |
CVE-2024-45754 | An issue was discovered in the centreon-bi-server component in Centreon BI Server 24.04.x before 24.04.3, 23.10.x before 23.10.8, 23.04.x before 23.04.11, and 22.10.x before 22.10.11. SQL injection can occur in the listing of configured reporting jobs. Exploitation is only accessible to authenticated users with high-privileged access. | CVSS 7.2 | Centreon | - | - | |
CVE-2024-45622 | ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass. | CVSS 9.8 | Codeigniter | - | - | |
CVE-2024-45608 | GLPI is a free asset and IT management software package. An authenticated user can perform a SQL injection by changing their preferences. Upgrade to 10.0.17. | CVSS 6.5 | Glpi-project | - | - | |
CVE-2024-45265 | A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter. | CVSS 9.8 | | Exploit | - | |
CVE-2024-45249 | Cavok – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | CVSS 9.8 | | - | - | |
CVE-2024-45174 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrary SQL commands in the context of the corresponding MySQL database. | CVSS 8.1 | | - | - | |
CVE-2024-45059 | i-Educar is free, completely online school management software that allows school secretaries, teachers, coordinators and area managers. In affected versions, creating a SQL query from a concatenation of a user-controlled GET parameter allows an attacker to manipulate the query. Successful exploitation of this flaw allows an attacker to have complete and unrestricted access to the database, with a web user with minimal permissions. This may involve obtaining user information, such as emails, password hashes, etc. This issue has not yet been patched. Users are advised to contact the developer and to coordinate an update schedule. | CVSS 8.8 | Portabilis | Exploit | Patched | |
CVE-2024-44921 | SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del. | CVSS 9.8 | Seacms | Exploit | - | |
CVE-2024-44839 | RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php. | CVSS 9.8 | Openrapid | - | - | |
CVE-2024-44838 | RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the username parameter at /resource/runlogin.php. | CVSS 9.8 | Openrapid | - | - | |
CVE-2024-44817 | SQL Injection vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via the id parameter in the adv2.php component. | CVSS 8.8 | Zzcms | - | - | |
CVE-2024-44812 | SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component. | CVSS 9.8 | Janobe | Exploit | - | |
CVE-2024-44761 | An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests. | CVSS 9.8 | | Exploit | - | |
CVE-2024-44739 | Sourcecodester Simple Forum Website v1.0 has a SQL injection vulnerability in /php-sqlite-forum/?page=manage_user&id=. | CVSS 8.8 | Sourcecodester | - | - | |
CVE-2024-44727 | Sourcecodehero Event Management System 1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php. | CVSS 9.8 | Angeljudesuarez | Exploit | - | |