Total
16884 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36678 | 1 Promokit | 1 Pk Themesettings | 2024-11-21 | N/A | 9.8 CRITICAL |
| In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
| CVE-2024-36673 | 1 Pharmacy\/medical Store Point Of Sale System Project | 1 Pharmacy\/medical Store Point Of Sale System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries. | |||||
| CVE-2024-36412 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 10.0 CRITICAL |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||||
| CVE-2024-36411 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 9.6 CRITICAL |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||||
| CVE-2024-36410 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 9.6 CRITICAL |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||||
| CVE-2024-36409 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 9.6 CRITICAL |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||||
| CVE-2024-36408 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 9.6 CRITICAL |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||||
| CVE-2024-36393 | 1 Sysaid | 1 Sysaid | 2024-11-21 | N/A | 9.9 CRITICAL |
| SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | |||||
| CVE-2024-36082 | 1 Codepeople | 1 Music Store | 2024-11-21 | N/A | 6.5 MEDIUM |
| SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker. | |||||
| CVE-2024-35750 | 1 Wpdevart | 1 Gallery | 2024-11-21 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. | |||||
| CVE-2024-35736 | 1 Themeisle | 1 Visualizer | 2024-11-21 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Visualizer.This issue affects Visualizer: from n/a through 3.11.1. | |||||
| CVE-2024-35630 | 2024-11-21 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LJ Apps WP TripAdvisor Review Slider allows Blind SQL Injection.This issue affects WP TripAdvisor Review Slider: from n/a through 12.6. | |||||
| CVE-2024-35563 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId parameter in CDGTempPermissions. | |||||
| CVE-2024-35548 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection. | |||||
| CVE-2024-35361 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. An attacker can execute arbitrary SQL statements through this vulnerability without requiring any user rights. | |||||
| CVE-2024-35359 | 1 Dino Physics School Assistant Project | 1 Dino Physics School Assistant | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=view_item. Manipulating the argument id can result in SQL injection. | |||||
| CVE-2024-35349 | 1 Dino Physics School Assistant Project | 1 Dino Physics School Assistant | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /admin/category/view_category.php. Manipulating the argument id can result in SQL injection. | |||||
| CVE-2024-34994 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| In the module "Channable" (channable) up to version 3.2.1 from Channable for PrestaShop, a guest can perform SQL injection via `ChannableFeedModuleFrontController::postProcess()`. | |||||
| CVE-2024-34993 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
| In the module "Bulk Export products to Google Merchant-Google Shopping" (bagoogleshopping) up to version 1.0.26 from Buy Addons for PrestaShop, a guest can perform SQL injection via`GenerateCategories::renderCategories(). | |||||
| CVE-2024-34992 | 2024-11-21 | N/A | 8.8 HIGH | ||
| SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via 'Tickets::getsearchedtickets()' | |||||