Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-09-05 CVE-2024-8470 SQL Injection vulnerability in PHPgurukul JOB Portal 1.0
SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in it.
network
low complexity
phpgurukul CWE-89
7.5
7.5
2024-09-04 CVE-2024-8416 SQL Injection vulnerability in Oretnom23 Food Ordering Management System 1.0
A vulnerability was found in SourceCodester Food Ordering Management System 1.0.
network
low complexity
oretnom23 CWE-89
critical
 9.8
9.8
2024-09-04 CVE-2024-8415 SQL Injection vulnerability in Oretnom23 Food Ordering Management System 1.0
A vulnerability was found in SourceCodester Food Ordering Management System 1.0 and classified as critical.
network
low complexity
oretnom23 CWE-89
critical
 9.8
9.8
2024-09-04 CVE-2024-7076 SQL Injection vulnerability in Semtekyazilim Semtek Sempos
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc.
network
low complexity
semtekyazilim CWE-89
critical
 9.8
9.8
2024-09-04 CVE-2024-7078 SQL Injection vulnerability in Semtekyazilim Semtek Sempos
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc.
network
low complexity
semtekyazilim CWE-89
critical
 9.8
9.8
2024-09-04 CVE-2024-6926 SQL Injection vulnerability in Wow-Company Viral Signup
The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
network
low complexity
wow-company CWE-89
critical
 9.8
9.8
2024-09-03 CVE-2024-44921 SQL Injection vulnerability in Seacms 12.9
SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.
network
low complexity
seacms CWE-89
critical
 9.8
9.8
2024-09-03 CVE-2024-8380 SQL Injection vulnerability in Rems Contact Manager With Export to VCF 1.0
A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0.
network
low complexity
rems CWE-89
critical
 9.8
9.8
2024-09-02 CVE-2024-6919 SQL Injection vulnerability in NAC Nacpremium
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc.
network
low complexity
nac CWE-89
critical
 9.8
9.8
2024-09-02 CVE-2024-43772 SQL Injection vulnerability in Easytest Online Test Platform
SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter.
network
low complexity
easytest CWE-89
critical
 9.8
9.8