Vulmon
sql injection vulnerabilities and exploits
NA
CVE-2024-36597
Aegon Life v1.0 contains a SQL injection vulnerability via the client_id parameter at clientStatus.php.
1 Github repository
NA
CVE-2024-3552
The Web Directory Free WordPress plugin prior to 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.
1 Github repository
NA
CVE-2024-36840
SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote malicious user to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php.
NA
CVE-2024-31495
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiPortal versions 7.0.0 up to and including 7.0.6 and version 7.2.0 allows a privileged user to obtain unauthorized information via the report download functionality.
NA
CVE-2023-23775
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiSOAR 7.2.0 and prior to 7.0.3 may allow an authenticated malicious user to execute unauthorized code or commands via specifically crafted strings...
NA
CVE-2024-3549
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient...
NA
CVE-2024-22261
SQL injection in Harbor allows privileged users to leak the task IDs
NA
CVE-2024-36411
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions before 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Salesagility Suitecrm
NA
CVE-2024-36412
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Salesagility Suitecrm
1 Github repository
NA
CVE-2024-36409
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions before 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Salesagility Suitecrm