Total
13955 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10300 | 1 Phpgurukul | 1 Medical Card Generation System | 2024-10-25 | 4.7 Medium |
| A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/view-enquiry.php of the component View Enquiry Page. The manipulation of the argument viewid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10301 | 1 Phpgurukul | 1 Medical Card Generation System | 2024-10-25 | 4.7 Medium |
| A vulnerability, which was classified as critical, was found in PHPGurukul Medical Card Generation System 1.0. Affected is an unknown function of the file /admin/search-medicalcard.php of the component Search. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-44812 | 2 Janobe, Sourcecodester | 2 Online Complaint Site, Online Complaint Site | 2024-10-25 | 9.8 Critical |
| SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component. | ||||
| CVE-2024-30158 | 1 Mitel | 1 Micollab | 2024-10-25 | 7.2 High |
| A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations. | ||||
| CVE-2024-46902 | 1 Trendmicro | 1 Deep Discovery Inspector | 2024-10-25 | 4.9 Medium |
| A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations. Please note: an attacker must first obtain the ability to execute high-privileged code (admin user rights) on the target system in order to exploit this vulnerability. | ||||
| CVE-2024-10297 | 2024-10-25 | 4.7 Medium | ||
| A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/changeimage.php of the component Managecard Edit Image Page. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-49691 | 2024-10-25 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Woobewoo Product Filter by WBW allows SQL Injection.This issue affects Product Filter by WBW: from n/a through 2.7.0. | ||||
| CVE-2024-49681 | 1 Swit | 1 Wp Sessions Time Monitoring Full Automatic | 2024-10-25 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SWIT WP Sessions Time Monitoring Full Automatic allows SQL Injection.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through 1.0.9. | ||||
| CVE-2024-46257 | 1 Nginxproxymanager | 1 Nginx Proxy Manager | 2024-10-24 | 6.3 Medium |
| A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5. | ||||
| CVE-2024-49612 | 1 Infotuts | 1 Sw Contact Form | 2024-10-24 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infotuts SW Contact Form allows Blind SQL Injection.This issue affects SW Contact Form: from n/a through 1.0. | ||||
| CVE-2024-49609 | 1 Brandonwhite | 1 Author Discussion | 2024-10-24 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brandon White Author Discussion allows Blind SQL Injection.This issue affects Author Discussion: from n/a through 0.2.2. | ||||
| CVE-2024-47325 | 1 Themeisle | 1 Multiple Page Generator | 2024-10-24 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7. | ||||
| CVE-2024-48657 | 2 Itsourcecode, Princelycesar | 2 Hospital Management System, Hospital Management System | 2024-10-24 | 8.1 High |
| SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. | ||||
| CVE-2024-10195 | 1 Tecno-mobile | 2 4g Portable Wifi Tr118, 4g Portable Wifi Tr118 Firmware | 2024-10-24 | 4.7 Medium |
| A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-49623 | 1 Hasanmovahed | 1 Duplicate Title Validate | 2024-10-24 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hasan Movahed Duplicate Title Validate allows Blind SQL Injection.This issue affects Duplicate Title Validate: from n/a through 1.0. | ||||
| CVE-2024-8625 | 2 Pollbytotalsoft, Total-soft | 2 Ts Poll, Ts Poll | 2024-10-24 | 7.2 High |
| The TS Poll WordPress plugin before 2.4.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | ||||
| CVE-2024-47328 | 1 Funnelkit | 1 Funnelkit Automations | 2024-10-24 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Automation By Autonami allows SQL Injection.This issue affects Automation By Autonami: from n/a through 3.1.2. | ||||
| CVE-2024-9921 | 1 Teamplus | 2 Team\+, Team\+ Pro | 2024-10-24 | 9.8 Critical |
| The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents. | ||||
| CVE-2024-42005 | 2 Djangoproject, Redhat | 6 Django, Ansible Automation Platform, Discovery and 3 more | 2024-10-23 | 9.8 Critical |
| An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. | ||||
| CVE-2024-48597 | 1 Online Clinic Management System Project | 1 Online Clinic Management System | 2024-10-23 | 8.1 High |
| Online Clinic Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /success/editp.php?action=edit. | ||||