Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-13 | CVE-2024-8762 | SQL Injection vulnerability in Code-Projects Crud Operation System 1.0: A vulnerability was found in code-projects Crud Operation System 1.0. | 9.8 |
2024-09-12 | CVE-2024-34334 | SQL Injection vulnerability in Ordat Ordat.Erp: ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function. | 7.5 |
2024-09-12 | CVE-2024-8749 | SQL Injection vulnerability in I-Doit 28: SQL injection vulnerability in idoit pro version 28. | 7.5 |
2024-09-12 | CVE-2024-8522 | SQL Injection vulnerability in Thimpress Learnpress: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2024-09-12 | CVE-2024-8529 | SQL Injection vulnerability in Thimpress Learnpress: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2024-09-12 | CVE-2024-7766 | SQL Injection vulnerability in Erichamby Adicon Server: The Adicon Server WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. | 7.2 |
2024-09-12 | CVE-2024-8709 | SQL Injection vulnerability in Mayurik Best House Rental Management System 1.0: A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. | 8.8 |
2024-09-12 | CVE-2024-8710 | SQL Injection vulnerability in Code-Projects Inventory Management 1.0: A vulnerability classified as critical was found in code-projects Inventory Management 1.0. | 8.8 |
2024-09-12 | CVE-2024-32840 | SQL Injection vulnerability in Ivanti Endpoint Manager: An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
2024-09-12 | CVE-2024-32842 | SQL Injection vulnerability in Ivanti Endpoint Manager: An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |