Total
15423 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27889 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges. | |||||
| CVE-2024-27718 | 2024-11-21 | N/A | 7.8 HIGH | ||
| SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component. | |||||
| CVE-2024-27709 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component. | |||||
| CVE-2024-27574 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 allows a remote attacker to obtain sensitive information via the informacion, idcurso, and tit parameters. | |||||
| CVE-2024-27298 | 2024-11-21 | N/A | 10.0 CRITICAL | ||
| parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20. | |||||
| CVE-2024-25927 | 2024-11-21 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash – custom post order.This issue affects postMash – custom post order: from n/a through 1.2.0. | |||||
| CVE-2024-25924 | 2024-11-21 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trustindex.Io WP Testimonials.This issue affects WP Testimonials: from n/a through 1.4.3. | |||||
| CVE-2024-25902 | 2024-11-21 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2. | |||||
| CVE-2024-25316 | 1 Hotel Management System Project | 1 Hotel Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2. | |||||
| CVE-2024-25306 | 1 Code-projects | 1 Simple School Management System | 2024-11-21 | N/A | 8.8 HIGH |
| Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at "School/index.php". | |||||
| CVE-2024-25247 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters. | |||||
| CVE-2024-25222 | 1 Task Manager In Php With Source Code Project | 1 Task Manager In Php With Source Code | 2024-11-21 | N/A | 9.8 CRITICAL |
| Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php. | |||||
| CVE-2024-25214 | 1 Sherlock | 1 Employee Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html. | |||||
| CVE-2024-25212 | 1 Sherlock | 1 Employee Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php. | |||||
| CVE-2024-24868 | 2024-11-21 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69. | |||||
| CVE-2024-24813 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Frappe is a full-stack web application framework. Prior to versions 14.64.0 and 15.0.0, SQL injection from a particular whitelisted method can result in access to data which the user doesn't have permission to access. Versions 14.64.0 and 15.0.0 contain a patch for this issue. No known workarounds are available. | |||||
| CVE-2024-24811 | 1 Zope | 1 Sqlalchemyda | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version 2.2. There is no workaround for the problem. | |||||
| CVE-2024-24572 | 1 Facilemanager | 1 Facilemanager | 2024-11-21 | N/A | 6.5 MEDIUM |
| facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract() function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters. However, it does not prevent manipulation of any other sensitive variables such as $search_sql. Knowing this, an authenticated user with privileges to view site logs can manipulate the search_sql variable by appending a GET parameter search_sql in the URL. The information above means that the checks and SQL injection prevention attempts were rendered unusable. | |||||
| CVE-2024-24323 | 2024-11-21 | N/A | 7.2 HIGH | ||
| SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component. | |||||
| CVE-2024-24308 | 1 Boostmyshop | 1 Boostmyshop | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php. | |||||