Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-06 | CVE-2024-24112 | SQL Injection vulnerability in Exrick Xmall 1.1: xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter. | 9.8 |
2024-02-05 | CVE-2024-0709 | SQL Injection vulnerability in Coolplugins Cryptocurrency Widgets: The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2024-02-05 | CVE-2023-51951 | SQL Injection vulnerability in Stock Management System Project Stock Management System 1.0: SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file. | 9.8 |
2024-02-02 | CVE-2024-1197 | SQL Injection vulnerability in Remyandrade Testimonial Page Manager 1.0: A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. | 9.8 |
2024-02-02 | CVE-2024-22108 | SQL Injection vulnerability in Gttb GTB Central Console 15.17.130814.Ng: An issue was discovered in GTB Central Console 15.17.1-30814.NG. | 9.8 |
2024-02-02 | CVE-2024-24029 | SQL Injection vulnerability in Jfinalcms Project Jfinalcms 5.0.0: JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data. | 9.8 |
2024-02-02 | CVE-2024-0253 | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus: ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. | 8.8 |
2024-02-02 | CVE-2024-0269 | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus: ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. | 8.8 |
2024-02-02 | CVE-2023-48645 | SQL Injection vulnerability in Eptura Archibus 4.0.3: An issue was discovered in the Archibus app 4.0.3 for iOS. | 7.8 |
2024-02-02 | CVE-2024-0685 | SQL Injection vulnerability in Ninjaforms Ninja Forms: The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |