Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-10-15 CVE-2024-9974 SQL Injection vulnerability in Oretnom23 Online Eyewear Shop 1.0
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0.
network
low complexity
oretnom23 CWE-89
critical
 9.8
9.8
2024-10-15 CVE-2024-9925 SQL Injection vulnerability in Taismartfactory Qplant SF 1.0
SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0.
network
low complexity
taismartfactory CWE-89
critical
 9.8
9.8
2024-10-15 CVE-2024-9980 SQL Injection vulnerability in Formosasoft Ee-Class
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete database contents.
network
low complexity
formosasoft CWE-89
8.8
8.8
2024-10-15 CVE-2024-9982 AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter.
network
low complexity
CWE-89
critical
 9.8
9.8
2024-10-15 CVE-2024-9971 SQL Injection vulnerability in Newtype Flowmaster BPM Plus
The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.
network
low complexity
newtype CWE-89
8.8
8.8
2024-10-15 CVE-2024-9968 SQL Injection vulnerability in Newtype Webeip 3.0
WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database.
network
low complexity
newtype CWE-89
8.8
8.8
2024-10-14 CVE-2024-48251 SQL Injection vulnerability in Wavelog 1.8.5
Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode.
network
low complexity
wavelog CWE-89
critical
 9.8
9.8
2024-10-14 CVE-2024-48257 SQL Injection vulnerability in Wavelog 1.8.5
Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes station_id SQL injectioin.
network
low complexity
wavelog CWE-89
critical
 9.8
9.8
2024-10-14 CVE-2024-48253 SQL Injection vulnerability in Magicbug Cloudlog 2.6.15
Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection.
network
low complexity
magicbug CWE-89
critical
 9.8
9.8
2024-10-14 CVE-2024-48255 SQL Injection vulnerability in Magicbug Cloudlog 2.6.15
Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection.
network
low complexity
magicbug CWE-89
critical
 9.8
9.8