Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
database vulnerabilities and exploits
(subscribe to this query)
9.9
CVSSv3
CVE-2016-8355
An issue exists in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, a...
Smiths-medical Cadd-solis Medication Safety Software 3.0
Smiths-medical Cadd-solis Medication Safety Software 1.0
Smiths-medical Cadd-solis Medication Safety Software 2.0
Smiths-medical Cadd-solis Medication Safety Software 3.1
9.8
CVSSv3
CVE-2024-3495
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...
2 Github repositories
9.8
CVSSv3
CVE-2024-4893
DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote malicious users to inject arbitrary SQL commands. This vulnerability enables unauthorized access to read, modify, and delete database records, as well as execute system commands.
9.8
CVSSv3
CVE-2024-4434
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparat...
9.8
CVSSv3
CVE-2024-2876
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, a...
1 Github repository
1 Article
9.8
CVSSv3
CVE-2024-4300
E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows malicious user to obtain the database credential with the...
9.8
CVSSv3
CVE-2023-48788
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 up to and including 7.2.2, FortiClientEMS 7.0.1 up to and including 7.0.10 allows malicious user to execute unauthorized code or commands via ...
Fortinet Forticlient Enterprise Management Server
6 Github repositories
4 Articles
9.8
CVSSv3
CVE-2024-26264
EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote malicious users to inject SQL commands without authentication, enabling them to read, modify, and delete d...
9.8
CVSSv3
CVE-2024-1207
The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient prepara...
Wpbookingcalendar Booking Calendar
9.8
CVSSv3
CVE-2023-38995
An issue in SCHUHFRIED v.8.22.00 allows remote malicious user to obtain the database password via crafted curl command.
Schuhfried Schuhfried
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »