sql injection vulnerabilities and exploits
NA
CVE-2024-3293
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmedia_gallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...
NA
CVE-2024-32480
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions before 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and con...
NA
CVE-2024-32461
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vul...
NA
CVE-2024-27574
SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 allows a remote malicious user to obtain sensitive information via the informacion, idcurso, and tit parameters.
1 Github repository
NA
CVE-2024-31545
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6.
NA
CVE-2024-22856
A SQL injection vulnerability via the Save Favorite Search function in Axefinance Axe Credit Portal >= v.3.0 allows authenticated malicious users to execute unintended queries and disclose sensitive information from DB tables via crafted requests.
NA
CVE-2024-30974
SQL Injection vulnerability in autoexpress v.1.3.0 allows malicious users to run arbitrary SQL commands via the carId parameter.
NA
CVE-2024-31547
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/item/view_item.php.
NA
CVE-2024-31546
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php.
NA
CVE-2024-31750
SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote malicious user to obtain sensitive information via the req_id parameter.