Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-02-07 CVE-2023-46914 SQL Injection vulnerability in Bookingcalendar Project Bookingcalendar 2.7.9
SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php.
network
low complexity
bookingcalendar-project CWE-89
critical
 9.8
9.8
2024-02-07 CVE-2024-24303 SQL Injection vulnerability in Hipresta Gift Wrapping PRO 1.4.0
SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote attackers to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method.
network
low complexity
hipresta CWE-89
critical
 9.8
9.8
2024-02-07 CVE-2024-24019 SQL Injection vulnerability in Xxyopen Novel-Plus
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions.
network
low complexity
xxyopen CWE-89
critical
 9.8
9.8
2024-02-07 CVE-2024-0971 SQL Injection vulnerability in Tenable Nessus
A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.
network
low complexity
tenable CWE-89
6.5
6.5
2024-02-07 CVE-2024-24001 SQL Injection vulnerability in Jishenghua Jsherp 3.3
jshERP v3.3 is vulnerable to SQL Injection.
network
low complexity
jishenghua CWE-89
critical
 9.8
9.8
2024-02-07 CVE-2024-24002 SQL Injection vulnerability in Jishenghua Jsherp 3.3
jshERP v3.3 is vulnerable to SQL Injection.
network
low complexity
jishenghua CWE-89
critical
 9.8
9.8
2024-02-07 CVE-2024-24004 SQL Injection vulnerability in Jishenghua Jsherp 3.3
jshERP v3.3 is vulnerable to SQL Injection.
network
low complexity
jishenghua CWE-89
critical
 9.8
9.8
2024-02-06 CVE-2024-1254 SQL Injection vulnerability in Byzoro Smart S20 Firmware 20231120
A vulnerability, which was classified as critical, was found in Byzoro Smart S20 Management Platform up to 20231120.
network
low complexity
byzoro CWE-89
7.2
7.2
2024-02-06 CVE-2024-24013 SQL Injection vulnerability in Xxyopen Novel-Plus
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions.
network
low complexity
xxyopen CWE-89
critical
 9.8
9.8
2024-02-06 CVE-2024-24015 SQL Injection vulnerability in Xxyopen Novel-Plus
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions.
network
low complexity
xxyopen CWE-89
critical
 9.8
9.8