Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-09-12 | CVE-2024-34785 | SQL Injection vulnerability in Ivanti Endpoint Manager | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
2024-09-11 | CVE-2024-27112 | SQL Injection vulnerability in Soplanning | An unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. | 9.8 |
2024-09-11 | CVE-2019-25212 | SQL Injection vulnerability in I13Websolution Video Carousel Slider With Lightbox | The video carousel slider with lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
2024-09-10 | CVE-2024-8191 | SQL Injection vulnerability in Ivanti Endpoint Manager | SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | 9.8 |
2024-09-09 | CVE-2024-8611 | SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0 | A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. | 9.8 |
2024-09-09 | CVE-2024-6795 | SQL Injection vulnerability in Baxter Connex Health Portal | In Connex health portal released before 8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database. An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content and/or perform administrative operations including shutting down the database. | 9.8 |
2024-09-08 | CVE-2024-8570 | SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0 | A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. | 9.8 |
2024-09-08 | CVE-2024-6924 | SQL Injection vulnerability in Themetechmount Truebooker | The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | 9.8 |
2024-09-08 | CVE-2024-6928 | SQL Injection vulnerability in Opti.Marketing Opti Marketing | The Opti Marketing WordPress plugin through 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | 9.8 |
2024-09-08 | CVE-2024-8569 | SQL Injection vulnerability in Fabianros Hospital Management System 1.0 | A vulnerability has been found in code-projects Hospital Management System 1.0 and classified as critical. | 9.8 |