Total
13955 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38693 | 1 Wedevs | 1 Wp User Frontend | 2024-09-13 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7. | ||||
| CVE-2024-45059 | 1 Portabilis | 1 I-educar | 2024-09-13 | 8.8 High |
| i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates the query by concatenating the unsanitized GET parameter `cod_func`, allowing the attacker to obtain sensitive information such as emails and password hashes. Commit 7824b95745fa2da6476b9901041d9c854bf52ffe fixes the issue. | ||||
| CVE-2024-8368 | 2 Code-projects, Fabianros | 2 Hospital Management System, Hospital Management System | 2024-09-13 | 7.3 High |
| A vulnerability was found in code-projects Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8709 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2024-09-13 | 6.3 Medium |
| A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is the function delete_user/save_user of the file /admin_class.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8710 | 1 Code-projects | 1 Inventory Management | 2024-09-13 | 6.3 Medium |
| A vulnerability classified as critical was found in code-projects Inventory Management 1.0. Affected by this vulnerability is an unknown functionality of the file /model/viewProduct.php of the component Products Table Page. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8522 | 1 Thimpress | 1 Learnpress | 2024-09-13 | 10 Critical |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-8529 | 1 Thimpress | 1 Learnpress | 2024-09-13 | 10 Critical |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2023-41884 | 1 Zoneminder | 1 Zoneminder | 2024-09-13 | 7.1 High |
| ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34. | ||||
| CVE-2024-34785 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-34783 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-34779 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-32848 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-32846 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-32845 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-32843 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-32842 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-32840 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-8191 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.8 High |
| SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | ||||
| CVE-2024-8150 | 1 Continew | 2 Admin, Continew Admin | 2024-09-12 | 4.7 Medium |
| A vulnerability was found in ContiNew Admin 3.2.0 and classified as critical. Affected by this issue is the function top.continew.starter.extension.crud.controller.BaseController#page of the file /api/system/user?deptId=1&page=1&size=10. The manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-42760 | 1 Ellevo | 1 Ellevo | 2024-09-12 | 7.5 High |
| SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component. | ||||