Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-16 | CVE-2024-57162 | SQL Injection vulnerability in Campcodes Cybercafe Management System 1.0: Campcodes Cybercafe Management System v1.0 is vulnerable to SQL Injection in /ccms/view-user-detail.php. | 7.2 |
2025-01-16 | CVE-2024-12613 | SQL Injection vulnerability in Hirewebxperts Passwords Manager: The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX functions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2025-01-16 | CVE-2024-12615 | SQL Injection vulnerability in Hirewebxperts Passwords Manager: The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2025-01-16 | CVE-2025-0455 | The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | 9.8 |
2025-01-15 | CVE-2025-0491 | SQL Injection vulnerability in Fanli2012 Native-PHP-Cms 1.0: A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. | 9.8 |
2025-01-15 | CVE-2025-0486 | SQL Injection vulnerability in Fanli2012 Native-PHP-Cms 1.0: A vulnerability was found in Fanli2012 native-php-cms 1.0. | 9.8 |
2025-01-15 | CVE-2025-0487 | SQL Injection vulnerability in Fanli2012 Native-PHP-Cms 1.0: A vulnerability was found in Fanli2012 native-php-cms 1.0. | 9.8 |
2025-01-14 | CVE-2024-35275 | SQL Injection vulnerability in Fortinet products: An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and FortiManager version 7.4.0 through 7.4.2 allows an attacker to escalate privileges via specially crafted HTTP requests. | 8.8 |
2025-01-14 | CVE-2024-35278 | SQL Injection vulnerability in Fortinet Fortiportal: An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, by including special elements in said request. | 4.3 |
2025-01-14 | CVE-2024-52969 | SQL Injection vulnerability in Fortinet Fortisiem: An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM version 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests. | 6.5 |