Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-12-31 CVE-2024-13078 SQL Injection vulnerability in PHPgurukul Land Record System 1.0
A vulnerability has been found in PHPGurukul Land Record System 1.0 and classified as critical.
network
low complexity
phpgurukul CWE-89
8.8
2024-12-31 CVE-2024-13072 SQL Injection vulnerability in 1000Projects Beauty Parlour Management System 1.0
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0.
network
low complexity
1000projects CWE-89
critical
9.8
2024-12-30 CVE-2024-13037 SQL Injection vulnerability in 1000Projects Attendance Tracking Management System 1.0
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0.
network
low complexity
1000projects CWE-89
critical
9.8
2024-12-30 CVE-2024-13035 SQL Injection vulnerability in Code-Projects Chat System 1.0
A vulnerability has been found in code-projects Chat System 1.0 and classified as critical.
network
low complexity
code-projects CWE-89
critical
9.8
2024-12-30 CVE-2024-13036 SQL Injection vulnerability in Fabianros Chat System 1.0
A vulnerability was found in code-projects Chat System 1.0 and classified as critical.
network
low complexity
fabianros CWE-89
7.5
2024-12-25 CVE-2024-8950 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arne Informatics Piramit Automation allows Blind SQL Injection. This issue affects Piramit Automation: before 27.09.2024.
network
low complexity
CWE-89
critical
9.9
2024-12-25 CVE-2024-10862 SQL Injection vulnerability in Basixonline Nex-Forms
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in all versions up to, and including, 8.7.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
basixonline CWE-89
4.9
2024-12-25 CVE-2024-12428 The WP Data Access – App, Table, Form and Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'order[user_login][dir]' parameter in all versions up to, and including, 5.5.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
2024-12-25 CVE-2024-12032 The Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking plugin for WordPress is vulnerable to SQL Injection via the 'enquiry_id' parameter of the 'tf_enquiry_reply_email_callback' function in all versions up to, and including, 2.15.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
6.5
2024-12-24 CVE-2024-10856 The Booking Calendar WpDevArt plugin is vulnerable to time-based, blind SQL injection via the `id` parameter in the “wpdevart_booking_calendar” shortcode in versions up to, and including, 3.2.19 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
6.5