VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-12-24
CVE-2024-11726
The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpress_form' shortcode in all versions up to, and including, 1.1.21 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
6.5
6.5
2024-12-24
CVE-2024-12031
The Advanced Floating Content plugin for WordPress is vulnerable to SQL Injection via the 'floating_content_duplicate_post' function in all versions up to, and including, 3.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
6.5
6.5
2024-12-23
CVE-2024-12898
SQL Injection vulnerability in 1000Projects Attendance Tracking Management System 1.0
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0.
network
low complexity
1000projects
CWE-89
critical
9.8
9.8
2024-12-23
CVE-2024-12899
SQL Injection vulnerability in 1000Projects Attendance Tracking Management System 1.0
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0.
network
low complexity
1000projects
CWE-89
critical
9.8
9.8
2024-12-22
CVE-2024-12895
SQL Injection vulnerability in Treasurehuntgame Treasurehunt
A vulnerability has been found in TreasureHuntGame TreasureHunt up to 963e0e0 and classified as critical.
network
low complexity
treasurehuntgame
CWE-89
critical
9.8
9.8
2024-12-22
CVE-2024-12894
SQL Injection vulnerability in Treasurehuntgame Treasurehunt
A vulnerability, which was classified as critical, was found in TreasureHuntGame TreasureHunt up to 963e0e0.
network
low complexity
treasurehuntgame
CWE-89
critical
9.8
9.8
2024-12-21
CVE-2024-12884
SQL Injection vulnerability in Codezips E-Commerce Site 1.0
A vulnerability was found in Codezips E-Commerce Website 1.0.
network
low complexity
codezips
CWE-89
critical
9.8
9.8
2024-12-21
CVE-2024-11722
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
high complexity
CWE-89
5.9
5.9
2024-12-21
CVE-2024-12635
The WP Docs plugin for WordPress is vulnerable to time-based SQL Injection via the 'dir_id' parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
6.5
6.5
2024-12-20
CVE-2024-12832
SQL Injection vulnerability in Arista NG Firewall 17.1.1
Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability.
network
low complexity
arista
CWE-89
6.3
6.3
«
Previous
1
2
...
3
4
5
(current)
6
7
...
619
620
»
Next