Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-05-22 | CVE-2024-20360 | SQL Injection vulnerability in Cisco Secure Firewall Management Center | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 8.8 |
2024-05-16 | CVE-2024-4609 | SQL Injection vulnerability in Rockwellautomation Factorytalk View 10.0 | A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. | 9.8 |
2024-05-16 | CVE-2024-4318 | SQL Injection vulnerability in Themeum Tutor LMS | The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2024-05-14 | CVE-2024-3055 | SQL Injection vulnerability in Unlimited-Elements Unlimited Elements for Elementor | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.102 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2024-05-14 | CVE-2024-31445 | SQL Injection vulnerability in multiple products | Cacti provides an operational monitoring and fault management framework. | 8.8 |
2024-05-14 | CVE-2024-31458 | SQL Injection vulnerability in multiple products | Cacti provides an operational monitoring and fault management framework. | 8.0 |
2024-05-14 | CVE-2024-31460 | SQL Injection vulnerability in multiple products | Cacti provides an operational monitoring and fault management framework. | 8.8 |
2024-05-08 | CVE-2024-21793 | SQL Injection vulnerability in F5 Big-Ip Next Central Manager 20.1.0 | An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 9.8 |
2024-05-08 | CVE-2024-26026 | SQL Injection vulnerability in F5 Big-Ip Next Central Manager 20.1.0 | An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 9.8 |
2024-05-07 | CVE-2024-29889 | SQL Injection vulnerability in Glpi-Project Glpi | GLPI is a Free Asset and IT Management Software package. | 8.1 |