Total
14589 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-50971 | 1 Angeljudesuarez | 1 Construction Management System | 2024-11-18 | N/A | 7.2 HIGH |
| A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the map_id parameter. | |||||
| CVE-2024-50970 | 1 Nikoarroyocuraza | 1 Online Furniture Shopping Project | 2024-11-18 | N/A | 8.8 HIGH |
| A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2024-11020 | 1 Vice | 1 Webopac | 2024-11-18 | N/A | 9.8 CRITICAL |
| Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents. | |||||
| CVE-2024-11101 | 1 1000projects | 1 Beauty Parlour Management System | 2024-11-18 | 5.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/search-invoices.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-11100 | 1 1000projects | 1 Beauty Parlour Management System | 2024-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10990 | 1 Oretnom23 | 1 Online Veterinary Appointment System | 2024-11-18 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical was found in SourceCodester Online Veterinary Appointment System 1.0. This vulnerability affects unknown code of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10991 | 1 Codezips | 1 Hospital Appointment System | 2024-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /editBranchResult.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-50327 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.2 HIGH |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-50326 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.2 HIGH |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-44761 | 1 Gzequan | 1 Eq Enterprise Management System | 2024-11-18 | N/A | 9.8 CRITICAL |
| An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests. | |||||
| CVE-2024-50328 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.2 HIGH |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2021-1470 | 2024-11-18 | N/A | 4.9 MEDIUM | ||
| A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected system. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the vManage database or the underlying operating system.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. | |||||
| CVE-2024-11251 | 2024-11-18 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has been rated as critical. This issue affects some unknown processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument begin_date leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. Other parameters might be affected as well. | |||||
| CVE-2024-10645 | 2024-11-18 | N/A | 7.5 HIGH | ||
| The Blogger 301 Redirect plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘br’ parameter in all versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-11305 | 2024-11-18 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical was found in Altenergy Power Control Software up to 20241108. This vulnerability affects the function get_status_zigbee of the file /index.php/display/status_zigbee. The manipulation of the argument date leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-3370 | 2024-11-18 | N/A | 8.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egebilgi Software Website Template allows SQL Injection.This issue affects Website Template: before 29.04.2024. | |||||
| CVE-2024-9887 | 2024-11-18 | N/A | 7.2 HIGH | ||
| The Login using WordPress Users ( WP as SAML IDP ) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.15.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-50826 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters. | |||||
| CVE-2024-50825 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter. | |||||
| CVE-2024-50824 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter. | |||||