Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-13 | CVE-2024-4145 | SQL Injection vulnerability in Wp-Media Search & Replace The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site network). | 7.2 |
| 2024-06-13 | CVE-2024-3922 | SQL Injection vulnerability in Dokan PRO Plugin 3.10.3 The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
| 2024-06-12 | CVE-2024-1576 | SQL Injection vulnerability in Megabip 4.36.2 SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. This issue affects MegaBIP software versions through 5.09. | 9.8 |
| 2024-06-10 | CVE-2024-36411 | SQL Injection vulnerability in Salesagility Suitecrm SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 8.8 |
| 2024-06-10 | CVE-2024-36412 | SQL Injection vulnerability in Salesagility Suitecrm SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 9.8 |
| 2024-06-10 | CVE-2024-36409 | SQL Injection vulnerability in Salesagility Suitecrm SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 8.8 |
| 2024-06-10 | CVE-2024-36410 | SQL Injection vulnerability in Salesagility Suitecrm SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 8.8 |
| 2024-06-10 | CVE-2024-36408 | SQL Injection vulnerability in Salesagility Suitecrm SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 8.8 |
| 2024-06-07 | CVE-2024-30163 | SQL Injection vulnerability in Invisioncommunity Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries. | 9.8 |
| 2024-06-07 | CVE-2024-36673 | SQL Injection vulnerability in Pharmacy/Medical Store Point of Sale System Project Pharmacy/Medical Store Point of Sale System 1.0 Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. | 9.8 |