Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-29 | CVE-2023-7105 | SQL Injection vulnerability in Fabianros E-Commerce Website 1.0. A vulnerability was found in code-projects E-Commerce Website 1.0. | 9.8 |
2024-02-29 | CVE-2023-7106 | SQL Injection vulnerability in Fabianros E-Commerce Website 1.0. A vulnerability was found in code-projects E-Commerce Website 1.0. | 8.8 |
2024-02-29 | CVE-2023-7107 | SQL Injection vulnerability in Fabianros E-Commerce Website 1.0. A vulnerability was found in code-projects E-Commerce Website 1.0. | 9.8 |
2024-02-28 | CVE-2024-24772 | SQL Injection vulnerability in Apache Superset. A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue. | 4.3 |
2024-02-28 | CVE-2024-1514 | SQL Injection vulnerability in Wp-Ecommerce WP Ecommerce. The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'cart_contents' parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2024-02-26 | CVE-2024-1876 | SQL Injection vulnerability in Razormist Employee Management System 1.0. A vulnerability was found in SourceCodester Employee Management System 1.0. | 9.8 |
2024-02-26 | CVE-2024-1877 | SQL Injection vulnerability in Razormist Employee Management System 1.0. A vulnerability was found in SourceCodester Employee Management System 1.0. | 8.8 |
2024-02-26 | CVE-2024-1878 | SQL Injection vulnerability in Razormist Employee Management System 1.0. A vulnerability was found in SourceCodester Employee Management System 1.0. | 8.8 |
2024-02-23 | CVE-2024-1776 | SQL Injection vulnerability in Zestard Admin Side Data Storage for Contact Form 7 1.0.0/1.1.0/1.1.1. The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
2024-02-19 | CVE-2024-1597 | SQL Injection vulnerability in multiple products. pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL when PreferQueryMode=SIMPLE is used. | 9.8 |