Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-28 | CVE-2024-9315 | SQL Injection vulnerability in Oretnom23 Employee and Visitor Gate Pass Logging System 1.0 A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. | 8.8 |
2024-09-28 | CVE-2024-9296 | SQL Injection vulnerability in Mayurik Advocate Office Management System 1.0 A vulnerability was found in SourceCodester Advocate Office Management System 1.0. | 9.8 |
2024-09-28 | CVE-2024-9295 | SQL Injection vulnerability in Mayurik Advocate Office Management System 1.0 A vulnerability was found in SourceCodester Advocate Office Management System 1.0 and classified as critical. | 9.8 |
2024-09-27 | CVE-2024-9293 | SQL Injection vulnerability in Skyselang Yyladmin A vulnerability classified as critical was found in skyselang yylAdmin up to 3.0. | 8.8 |
2024-09-27 | CVE-2024-8630 | SQL Injection vulnerability in Alisonic Sibylla Firmware Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database. | 9.8 |
2024-09-27 | CVE-2024-8607 | SQL Injection vulnerability in Oceanicsoft Valeapp Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection. This issue affects ValeApp: before v2.0.0. | 9.8 |
2024-09-27 | CVE-2024-9130 | SQL Injection vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
2024-09-25 | CVE-2024-8275 | SQL Injection vulnerability in Stellarwp the Events Calendar The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' function in all versions up to, and including, 6.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
2024-09-25 | CVE-2024-7385 | SQL Injection vulnerability in Freelancer-Coder Wordpress Simple Html Sitemap The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
2024-09-25 | CVE-2024-8484 | SQL Injection vulnerability in Jianbo Rest API to Miniprogram The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |