Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2024-08-29 | CVE-2024-29727 | SQL Injection vulnerability in Sportsnet 4.0.1 | SQL injection vulnerabilities in SportsNET affecting version 4.0.1. | network; low complexity; sportsnet; CWE-89; critical; 9.8 |
| 2024-08-29 | CVE-2024-29728 | SQL Injection vulnerability in Sportsnet 4.0.1 | SQL injection vulnerabilities in SportsNET affecting version 4.0.1. | network; low complexity; sportsnet; CWE-89; critical; 9.8 |
| 2024-08-29 | CVE-2024-29729 | SQL Injection vulnerability in Sportsnet 4.0.1 | SQL injection vulnerabilities in SportsNET affecting version 4.0.1. | network; low complexity; sportsnet; CWE-89; critical; 9.8 |
| 2024-08-29 | CVE-2024-29730 | SQL Injection vulnerability in Sportsnet 4.0.1 | SQL injection vulnerabilities in SportsNET affecting version 4.0.1. | network; low complexity; sportsnet; CWE-89; critical; 9.8 |
| 2024-08-29 | CVE-2024-29731 | SQL Injection vulnerability in Sportsnet 4.0.1 | SQL injection vulnerabilities in SportsNET affecting version 4.0.1. | network; low complexity; sportsnet; CWE-89; critical; 9.8 |
| 2024-08-29 | CVE-2024-7607 | SQL Injection vulnerability in Etoilewebdesign Front END Users | The Front End Users plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.2.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network; low complexity; etoilewebdesign; CWE-89; 8.8 |
| 2024-08-29 | CVE-2024-7857 | | The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sort_type' parameter of the 'mlf_change_sort_type' AJAX action in all versions up to, and including, 8.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network; low complexity; CWE-89; critical; 9.8 |
| 2024-08-28 | CVE-2024-45059 | SQL Injection vulnerability in Portabilis I-Educar | i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. | network; low complexity; portabilis; CWE-89; 8.8 |
| 2024-08-28 | CVE-2024-41236 | SQL Injection vulnerability in Lopalopa Responsive School Management System 3.2.0 | A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page. | network; low complexity; lopalopa; CWE-89; 7.2 |
| 2024-08-28 | CVE-2024-5546 | SQL Injection vulnerability in Zohocorp Manageengine Pam360 | Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by an authenticated SQL Injection vulnerability via a global search option. | network; low complexity; zohocorp; CWE-89; 8.8 |