Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-06-19 | CVE-2024-36678 | SQL Injection vulnerability in Promokit PK Themesettings 1.8.8 | In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. | 9.8 |
2024-06-19 | CVE-2024-36684 | SQL Injection vulnerability in Prestashop PK Customlinks | In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. | 9.8 |
2024-06-18 | CVE-2024-37802 | SQL Injection vulnerability in Health Care Hospital Management System Project Health Care Hospital Management System 1.0 | CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter. | 8.8 |
2024-06-18 | CVE-2024-38347 | SQL Injection vulnerability in Health Care Hospital Management System Project Health Care Hospital Management System 1.0 | CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id parameter. | 8.8 |
2024-06-18 | CVE-2024-38348 | SQL Injection vulnerability in Health Care Hospital Management System Project Health Care Hospital Management System 1.0 | CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter. | 8.8 |
2024-06-17 | CVE-2024-6043 | SQL Injection vulnerability in Mayurik Best House Rental Management System 1.0 | A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. | 9.8 |
2024-06-14 | CVE-2024-37831 | SQL Injection vulnerability in Itsourcecode Payroll Management System 1.0 | Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter. | 9.8 |
2024-06-14 | CVE-2024-36597 | SQL Injection vulnerability in Projectworlds Life Insurance Management System 1.0 | Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php. | 8.8 |
2024-06-13 | CVE-2024-37849 | SQL Injection vulnerability in Itsourcecode Billing System 1.0 | A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter. | 9.8 |
2024-06-13 | CVE-2024-3552 | SQL Injection vulnerability in Salephpscripts web Directory Free | The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based. | 9.8 |