Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-06-20 CVE-2024-6113 SQL Injection vulnerability in Janobe Monbela Tourist INN Online Reservation System 1.0
A vulnerability was found in itsourcecode Monbela Tourist Inn Online Reservation System 1.0.
network
low complexity
janobe CWE-89
critical
9.8
2024-06-20 CVE-2024-5605 SQL Injection vulnerability in Davidlingren Media Library Assistant
The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
davidlingren CWE-89
8.8
2024-06-20 CVE-2024-3561 SQL Injection vulnerability in Custom Field Suite Project Custom Field Suite
The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the 'Term' custom field in all versions up to, and including, 2.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
custom-field-suite-project CWE-89
8.8
2024-06-20 CVE-2024-3605 SQL Injection vulnerability in Thimpress WP Hotel Booking
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
thimpress CWE-89
critical
9.8
2024-06-20 CVE-2024-4742 SQL Injection vulnerability in Kainelabs Youzify
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
kainelabs CWE-89
8.8
2024-06-19 CVE-2024-36678 SQL Injection vulnerability in Promokit PK Themesettings 1.8.8
In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection.
network
low complexity
promokit CWE-89
critical
9.8
2024-06-19 CVE-2024-36684 SQL Injection vulnerability in Prestashop PK Customlinks
In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection.
network
low complexity
prestashop CWE-89
critical
9.8
2024-06-18 CVE-2024-37802 SQL Injection vulnerability in Health Care Hospital Management System Project Health Care Hospital Management System 1.0
CodeProjects Health Care Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter.
8.8
2024-06-18 CVE-2024-38347 SQL Injection vulnerability in Health Care Hospital Management System Project Health Care Hospital Management System 1.0
CodeProjects Health Care Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id parameter.
8.8
2024-06-18 CVE-2024-38348 SQL Injection vulnerability in Health Care Hospital Management System Project Health Care Hospital Management System 1.0
CodeProjects Health Care Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter.
network
low complexity
health-care-hospital-management-system-project CWE-89
critical
9.8