| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through 6.4.3.1.
|
| NUP Pro developed by NewType Infortech has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arne Informatics Piramit Automation allows Blind SQL Injection.This issue affects Piramit Automation: before 27.09.2024. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4.
|
| SQL injection vulnerability in Summar Software´s Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database by sending a POST request using the parameter “ctl00$ContentPlaceHolder1$filtroNombre” in “/MemberPages/quienesquien.aspx”. |
| SQL injection vulnerability in KnowBand for PrestaShop autosuggest before 2.0.0 allows an attacker to run arbitrary SQL commands via the AutosuggestSearchModuleFrontController::initContent(), and AutosuggestSearchModuleFrontController::getKbProducts() components. |
| The Hero Slider - WordPress Slider Plugin plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
| SQL Injection vulnerability in Digincube mdgiftproduct before 1.4.1 allows an attacker to run arbitrary SQL commands via the MdGiftRule::addGiftToCart method. |
| The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks.
The root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the update method of those providers. |
| SQL Injection vulnerability in Reportico Till 8.1.0 allows attackers to obtain sensitive information or other system information via the project parameter. |
| There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows and Linux that allows a remote, authenticated attacker with low privileges to improperly read limited database schema information by passing crafted queries. While it is possible to enumerate some internal database identifiers, the impact to the confidentiality vector is "LOW' because any sensitive data returned in a response is encrypted. There is no evidence of impact to the integrity or availability vectors. This issue is addressed in ArcGIS Monitor 2024.1. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager.This issue affects BWL Advanced FAQ Manager: from n/a through 2.0.3.
|
| SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by injecting malicious SQL code into the order column parameter. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook.This issue affects Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook: from n/a through 1.1.12.
|
| Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.
A malicious user with network access may be able to use specially crafted SQL queries to gain database access. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection.This issue affects E-Travel: before 15.12.2024. |
| DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vulnerability via the Categorys parameter at /DNNGo_xBlog/Resource_Service.aspx. |
| SQL Injection vulnerability in Helloshop deliveryorderautoupdate v.2.8.1 and before allows an attacker to run arbitrary SQL commands via the DeliveryorderautoupdateOrdersModuleFrontController::initContent function. |
| The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
| A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB. |
