Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2025-01-09 CVE-2025-0336 SQL Injection vulnerability in Codezips Project Management System 1.0
A vulnerability was found in Codezips Project Management System 1.0.
network
low complexity
codezips CWE-89
critical
 9.8
9.8
2025-01-09 CVE-2025-0340 SQL Injection vulnerability in Code-Projects Cinema Seat Reservation System 1.0
A vulnerability classified as critical was found in code-projects Cinema Seat Reservation System 1.0.
network
low complexity
code-projects CWE-89
critical
 9.8
9.8
2025-01-08 CVE-2024-13193 SQL Injection vulnerability in Sem-Cms Semcms
A vulnerability has been found in SEMCMS up to 4.8 and classified as critical.
network
low complexity
sem-cms CWE-89
4.9
4.9
2025-01-08 CVE-2024-11939 The Cost Calculator Builder PRO plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘data’ parameter in all versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-01-08 CVE-2024-12030 SQL Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdf_value' shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
pluginus CWE-89
6.5
6.5
2025-01-07 CVE-2025-0299 SQL Injection vulnerability in Code-Projects Online Book Shop 1.0
A vulnerability classified as critical has been found in code-projects Online Book Shop 1.0.
network
low complexity
code-projects CWE-89
critical
 9.8
9.8
2025-01-07 CVE-2025-0298 SQL Injection vulnerability in Code-Projects Online Book Shop 1.0
A vulnerability was found in code-projects Online Book Shop 1.0.
network
low complexity
code-projects CWE-89
critical
 9.8
9.8
2025-01-07 CVE-2024-12157 The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upc_delete_db_record' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-01-07 CVE-2024-12332 The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
6.5
6.5
2025-01-07 CVE-2024-11437 The Timeline Designer plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
4.9
4.9