Total
16228 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8332 | 1 Master-nan | 1 Sweet-cms | 2024-09-03 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been declared as critical. This vulnerability affects unknown code of the file /table/index. The manipulation leads to sql injection. The attack can be initiated remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 146359646a5a90cb09156dbd0013b7df77f2aa6c. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2024-7651 | 1 Appcheap | 1 App Builder | 2024-08-31 | N/A | 7.5 HIGH |
| The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to limited SQL Injection via the ‘app-builder-search’ parameter in all versions up to, and including, 4.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-38795 | 1 Cridio | 1 Listingpro | 2024-08-30 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4. | |||||
| CVE-2024-39620 | 1 Cridio | 1 Listingpro | 2024-08-30 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4. | |||||
| CVE-2024-39622 | 1 Cridio | 1 Listingpro | 2024-08-30 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro.This issue affects ListingPro: from n/a through 2.9.4. | |||||
| CVE-2024-41236 | 1 Lopalopa | 1 Responsive School Management System | 2024-08-30 | N/A | 7.2 HIGH |
| A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page | |||||
| CVE-2024-29723 | 1 Sportsnet | 1 Sportsnet | 2024-08-30 | N/A | 9.8 CRITICAL |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/conexiones/ax/openTracExt/, parameter categoria;. | |||||
| CVE-2024-29724 | 1 Sportsnet | 1 Sportsnet | 2024-08-30 | N/A | 9.8 CRITICAL |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/ax/registerSp/, parameter idDesafio. | |||||
| CVE-2024-29725 | 1 Sportsnet | 1 Sportsnet | 2024-08-30 | N/A | 9.8 CRITICAL |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sort_bloques/, parameter list. | |||||
| CVE-2024-29726 | 1 Sportsnet | 1 Sportsnet | 2024-08-30 | N/A | 9.8 CRITICAL |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/setAsRead/, parameter id. | |||||
| CVE-2024-29728 | 1 Sportsnet | 1 Sportsnet | 2024-08-30 | N/A | 9.8 CRITICAL |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/inscribeUsuario/ , parameter idDesafio. | |||||
| CVE-2024-29729 | 1 Sportsnet | 1 Sportsnet | 2024-08-30 | N/A | 9.8 CRITICAL |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/generateShortURL/, parameter url. | |||||
| CVE-2024-29730 | 1 Sportsnet | 1 Sportsnet | 2024-08-30 | N/A | 9.8 CRITICAL |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/consejoRandom/ , parameter idCat;. | |||||
| CVE-2024-29731 | 1 Sportsnet | 1 Sportsnet | 2024-08-30 | N/A | 9.8 CRITICAL |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/checkBlindFields/ , parameters idChallenge and idEmpresa. | |||||
| CVE-2024-29727 | 1 Sportsnet | 1 Sportsnet | 2024-08-30 | N/A | 9.8 CRITICAL |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sendParticipationRemember/ , parameter send. | |||||
| CVE-2024-8301 | 1 Gitapp | 1 Dingfanzu | 2024-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax/checkin.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-6632 | 1 Fortra | 1 Filecatalyst Workflow | 2024-08-30 | N/A | 7.2 HIGH |
| A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability. | |||||
| CVE-2024-7071 | 1 Brainlowcode | 1 Brain Low-code | 2024-08-30 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection.This issue affects Brain Low-Code: before 2.1.0. | |||||
| CVE-2024-8303 | 2024-08-30 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. This affects an unknown part of the file /ajax/getBasicInfo.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8217 | 1 Donbermoy | 1 E-commerce Website | 2024-08-29 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester E-Commerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file /Admin/registration.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||