Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-12 | CVE-2024-40541 | SQL Injection vulnerability in Codermy My-Springsecurity-Plus: my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build. | 9.8 |
2024-07-12 | CVE-2024-40542 | SQL Injection vulnerability in Codermy My-Springsecurity-Plus: my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset. | 9.8 |
2024-07-11 | CVE-2024-22280 | SQL Injection vulnerability in VMWare Aria Automation and Cloud Foundation: VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database. | 8.1 |
2024-07-10 | CVE-2024-37148 | SQL Injection vulnerability in Glpi-Project Glpi: GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. | 8.1 |
2024-07-09 | CVE-2024-37873 | SQL Injection vulnerability in Itsourcecode Payroll Management System Project in PHP With Source Code 1.0: SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 9.8 |
2024-07-09 | CVE-2024-3604 | SQL Injection vulnerability in Hyumika Openstreetmap: The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'tagged_filter' attribute of the 'osm_map_v3' shortcode in all versions up to, and including, 6.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2024-07-08 | CVE-2024-39677 | SQL Injection vulnerability in Nhibernate Nhibernate-Core: NHibernate is an object-relational mapper for the .NET framework. | 9.8 |
2024-07-05 | CVE-2024-39027 | SQL Injection vulnerability in Seacms 12.9: SeaCMS v12.9 has an unauthorized SQL injection vulnerability. | 7.5 |
2024-07-02 | CVE-2024-6172 | SQL Injection vulnerability in Icegram Email Subscribers & Newsletters: The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
2024-07-02 | CVE-2024-5606 | SQL Injection vulnerability in Expresstech Quiz and Survey Master: The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by users with the Contributor role and above. | 8.8 |