Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-09-08 CVE-2021-40814 SQL Injection vulnerability in Mypresta Customer Photo Gallery
The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulnerable to SQL injection.
network
low complexity
mypresta CWE-89
7.5
2021-09-08 CVE-2020-19853 SQL Injection vulnerability in Bluecms Project Bluecms 1.6
BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php.
network
low complexity
bluecms-project CWE-89
7.5
2021-09-07 CVE-2021-38706 SQL Injection vulnerability in Cliniccases 7.3.3
messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter.
network
low complexity
cliniccases CWE-89
6.5
2021-09-07 CVE-2020-7819 SQL Injection vulnerability in Ntracker USB Enterprise
A SQL injection vulnerability in the nTracker USB Enterprise (secure USB management solution) allows a remote unauthenticated attacker to perform SQL queries to access username, password and other session-related information.
network
low complexity
ntracker CWE-89
5.0
2021-09-07 CVE-2021-38840 SQL Injection vulnerability in Simple Water Refilling Station Management System Project Simple Water Refilling Station Management System 1.0
SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username parameter.
7.5
2021-09-06 CVE-2021-24303 SQL Injection vulnerability in Jiangqie Official Website Mini Program 1.0/1.0.5/1.1.0
The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues.
network
low complexity
jiangqie CWE-89
6.5
2021-09-06 CVE-2021-24390 SQL Injection vulnerability in Alipay Project Alipay
A proid GET parameter of the WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection.
network
low complexity
alipay-project CWE-89
6.5
2021-09-06 CVE-2021-24391 SQL Injection vulnerability in Cashtomer Project Cashtomer 1.0.0
An editid GET parameter of the Cashtomer WordPress plugin through 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
network
low complexity
cashtomer-project CWE-89
6.5
2021-09-06 CVE-2021-24392 SQL Injection vulnerability in Swiftcrm Club-Management-Software
An id GET parameter of the WordPress Membership SwiftCloud.io WordPress plugin through 1.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
network
low complexity
swiftcrm CWE-89
6.5
2021-09-06 CVE-2021-24393 SQL Injection vulnerability in Comment Highlighter Project Comment Highlighter 0.13
A c GET parameter of the Comment Highlighter WordPress plugin through 0.13 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
network
low complexity
comment-highlighter-project CWE-89
6.5