Total
15969 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34992 | 2024-11-21 | N/A | 8.8 HIGH | ||
| SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via 'Tickets::getsearchedtickets()' | |||||
| CVE-2024-34989 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via `PrestaPDFProductListModuleFrontController::queryDb().' | |||||
| CVE-2024-34988 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) <= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods `AskforaquotemodulcustomernewquoteModuleFrontController::run()`, `AskforaquotemoduladdproductnewquoteModuleFrontController::run()`, `AskforaquotemodulCouponcodeModuleFrontController::run()`, `AskforaquotemodulgetshippingcostModuleFrontController::run()`, `AskforaquotemodulgetstateModuleFrontController::run().` | |||||
| CVE-2024-34534 | 2024-11-21 | N/A | 7.3 HIGH | ||
| A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model. | |||||
| CVE-2024-34533 | 2024-11-21 | N/A | 7.3 HIGH | ||
| A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::query_execute. | |||||
| CVE-2024-34532 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query. | |||||
| CVE-2024-34412 | 2024-11-21 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Parcel Panel ParcelPanel.This issue affects ParcelPanel: from n/a through 3.8.1. | |||||
| CVE-2024-34386 | 2024-11-21 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through 6.4.3.1. | |||||
| CVE-2024-34310 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter. | |||||
| CVE-2024-33787 | 2024-11-21 | N/A | 8.2 HIGH | ||
| Hengan Weighing Management Information Query Platform 2019-2021 53.25 was discovered to contain a SQL injection vulnerability via the tuser_Number parameter at search_user.aspx. | |||||
| CVE-2024-33559 | 2024-11-21 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5. | |||||
| CVE-2024-33546 | 2024-11-21 | N/A | 9.6 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10. | |||||
| CVE-2024-33544 | 2024-11-21 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10. | |||||
| CVE-2024-33485 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| SQL Injection vulnerability in CASAP Automated Enrollment System using PHP/MySQLi with Source Code V1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the login.php component | |||||
| CVE-2024-33292 | 2024-11-21 | N/A | 8.2 HIGH | ||
| SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote attacker to obtain sensitive information via the id parameter. | |||||
| CVE-2024-33276 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes() method. | |||||
| CVE-2024-33275 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components. | |||||
| CVE-2024-33273 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function. | |||||
| CVE-2024-33272 | 2024-11-21 | N/A | 6.8 MEDIUM | ||
| SQL injection vulnerability in KnowBand for PrestaShop autosuggest before 2.0.0 allows an attacker to run arbitrary SQL commands via the AutosuggestSearchModuleFrontController::initContent(), and AutosuggestSearchModuleFrontController::getKbProducts() components. | |||||
| CVE-2024-33269 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| SQL Injection vulnerability in Prestaddons flashsales 1.9.7 and before allows an attacker to run arbitrary SQL commands via the FsModel::getFlashSales method. | |||||