Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-09-15 | CVE-2024-8868 | SQL Injection vulnerability in Code-Projects Crud Operation System 1.0 | A vulnerability was found in code-projects Crud Operation System 1.0. | network | low | code-projects | CWE-89 | critical 9.8 |
| 2024-09-14 | CVE-2024-8669 | | The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuply_wp_clone_sql() function in all versions up to, and including, 1.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network | low | | CWE-89 | critical 9.1 |
| 2024-09-13 | CVE-2024-44430 | SQL Injection vulnerability in Mayurik Best Free LAW Office Management 1.0 | SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface | network | low | mayurik | CWE-89 | critical 9.8 |
| 2024-09-13 | CVE-2024-8784 | SQL Injection vulnerability in Qdocs Smart School 7.0.0 | A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0. | network | low | qdocs | CWE-89 | 8.8 |
| 2024-09-13 | CVE-2024-8762 | SQL Injection vulnerability in Code-Projects Crud Operation System 1.0 | A vulnerability was found in code-projects Crud Operation System 1.0. | network | low | code-projects | CWE-89 | critical 9.8 |
| 2024-09-12 | CVE-2024-34334 | SQL Injection vulnerability in Ordat Ordat.Erp | ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function. | network | low | ordat | CWE-89 | 7.5 |
| 2024-09-12 | CVE-2024-8749 | SQL Injection vulnerability in I-Doit 28 | SQL injection vulnerability in idoit pro version 28. | network | low | i-doit | CWE-89 | 7.5 |
| 2024-09-12 | CVE-2024-8522 | SQL Injection vulnerability in Thimpress Learnpress | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network | low | thimpress | CWE-89 | 7.5 |
| 2024-09-12 | CVE-2024-8529 | SQL Injection vulnerability in Thimpress Learnpress | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network | low | thimpress | CWE-89 | 7.5 |
| 2024-09-12 | CVE-2024-8709 | SQL Injection vulnerability in Mayurik Best House Rental Management System 1.0 | A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. | network | low | mayurik | CWE-89 | 8.8 |