Total
15431 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33485 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| SQL Injection vulnerability in CASAP Automated Enrollment System using PHP/MySQLi with Source Code V1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the login.php component | |||||
| CVE-2024-33292 | 2024-11-21 | N/A | 8.2 HIGH | ||
| SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote attacker to obtain sensitive information via the id parameter. | |||||
| CVE-2024-33276 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes() method. | |||||
| CVE-2024-33275 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components. | |||||
| CVE-2024-33273 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function. | |||||
| CVE-2024-33272 | 2024-11-21 | N/A | 6.8 MEDIUM | ||
| SQL injection vulnerability in KnowBand for PrestaShop autosuggest before 2.0.0 allows an attacker to run arbitrary SQL commands via the AutosuggestSearchModuleFrontController::initContent(), and AutosuggestSearchModuleFrontController::getKbProducts() components. | |||||
| CVE-2024-33269 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| SQL Injection vulnerability in Prestaddons flashsales 1.9.7 and before allows an attacker to run arbitrary SQL commands via the FsModel::getFlashSales method. | |||||
| CVE-2024-33268 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| SQL Injection vulnerability in Digincube mdgiftproduct before 1.4.1 allows an attacker to run arbitrary SQL commands via the MdGiftRule::addGiftToCart method. | |||||
| CVE-2024-33267 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function. | |||||
| CVE-2024-33266 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| SQL Injection vulnerability in Helloshop deliveryorderautoupdate v.2.8.1 and before allows an attacker to run arbitrary SQL commands via the DeliveryorderautoupdateOrdersModuleFrontController::initContent function. | |||||
| CVE-2024-33009 | 2024-11-21 | N/A | 4.2 MEDIUM | ||
| SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application. | |||||
| CVE-2024-32872 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6, 13.0.6, as well as Umbraco Plumber version 10.1.2, contain a patch for this issue. | |||||
| CVE-2024-32738 | 2024-11-21 | N/A | 7.5 HIGH | ||
| A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_lean" function within MCUDBHelper. | |||||
| CVE-2024-32737 | 2024-11-21 | N/A | 7.5 HIGH | ||
| A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_contract_result" function within MCUDBHelper. | |||||
| CVE-2024-32710 | 2024-11-21 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. | |||||
| CVE-2024-32709 | 2024-11-21 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. | |||||
| CVE-2024-32706 | 2024-11-21 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4. | |||||
| CVE-2024-32551 | 2024-11-21 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.71. | |||||
| CVE-2024-32493 | 2024-11-21 | N/A | 8.8 HIGH | ||
| An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request. | |||||
| CVE-2024-32212 | 2024-11-21 | N/A | 8.1 HIGH | ||
| SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0.20.120 and before allows an attacker to execute arbitrary code via the ArticleGetGroups, DocAddDocument, ClassClickShop and frmSettings components. | |||||