Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-07-02 CVE-2024-6438 SQL Injection vulnerability in Hitout Carsale 1.0
A vulnerability has been found in Hitout Carsale 1.0 and classified as critical.
network
low complexity
hitout CWE-89
6.5
2024-07-02 CVE-2024-6440 SQL Injection vulnerability in Home Owners Collection Management System Project Home Owners Collection Management System 1.0
A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0.
9.8
2024-07-02 CVE-2024-6172 SQL Injection vulnerability in Icegram Email Subscribers & Newsletters
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.25 due to insufficient escaping of the user-supplied parameter and lack of sufficient preparation of the existing SQL query.
network
low complexity
icegram CWE-89
critical
9.8
2024-07-02 CVE-2024-5606 SQL Injection vulnerability in Expresstech Quiz and Survey Master
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by users with the Contributor role and above.
network
low complexity
expresstech CWE-89
8.8
2024-07-01 CVE-2024-6419 SQL Injection vulnerability in Oretnom23 Medicine Tracker System 1.0
A vulnerability classified as critical was found in SourceCodester Medicine Tracker System 1.0.
network
low complexity
oretnom23 CWE-89
critical
9.8
2024-06-30 CVE-2024-6417 SQL Injection vulnerability in Oretnom23 Simple Online Bidding System 1.0
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0.
network
low complexity
oretnom23 CWE-89
7.5
2024-06-30 CVE-2024-6418 SQL Injection vulnerability in Oretnom23 Medicine Tracker System 1.0
A vulnerability classified as critical has been found in SourceCodester Medicine Tracker System 1.0.
network
low complexity
oretnom23 CWE-89
5.3
2024-06-29 CVE-2024-6265 SQL Injection vulnerability in Ayecode Userswp
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwp_sort_by’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping of the user-supplied parameter and lack of sufficient preparation of the existing SQL query.
network
low complexity
ayecode CWE-89
critical
9.8
2024-06-28 CVE-2024-3816 SQL Injection vulnerability in Conceptintermedia S@M CMS
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a blind SQL Injection executed using the search bar. Only some of the observed services are vulnerable, but since the vendor has not investigated the root problem, it is hard to determine when the issue appears.
network
low complexity
conceptintermedia CWE-89
critical
9.8
2024-06-27 CVE-2024-6371 SQL Injection vulnerability in Janobe Pool of Bethesda Online Reservation System 1.0
A vulnerability, which was classified as critical, has been found in itsourcecode Pool of Bethesda Online Reservation System 1.0.
network
low complexity
janobe CWE-89
critical
9.8