470 matches found

Cvelist
added 2024/11/13 9:12 p.m. | 10 views

CVE-2024-39766

Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.3 CVSS | 0.00176 EPSS
Exploits: 0 | References: 1
NVD
added 2024/11/12 4:15 p.m. | 5 views

CVE-2024-43415

An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module 0.9.0 allows an authenticated admin user to manipulate SQL queries to disclose information, read and write files or execute commands...

9 CVSS | 0.00323 EPSS
Exploits: 0 | References: 3
OSV
added 2024/11/12 3:45 p.m. | 7 views

CVE-2024-43415 Decidim-Awesome: SQL injection in AdminAccountability

An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module 0.9.0 allows an authenticated admin user to manipulate SQL queries to disclose information, read and write files or execute commands...

9 CVSS | 7.4 AI score | 0.00323 EPSS
Exploits: 0 | References: 5
Cvelist
added 2024/11/12 3:45 p.m. | 11 views

CVE-2024-43415 Decidim-Awesome: SQL injection in AdminAccountability

An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module 0.9.0 allows an authenticated admin user to manipulate SQL queries to disclose information, read and write files or execute commands...

9 CVSS | 0.00323 EPSS
Exploits: 0 | References: 3
CVE
added 2024/11/12 3:45 p.m. | 40 views

CVE-2024-43415

CVE-2024-43415 — A SQL injection in the decidim_awesome-module (papertrail/version-model) allows an authenticated admin to manipulate SQL queries in vulnerable versions (0.9.0–0.11.1). This can lead to information disclosure, filesystem read/write, or remote code execution. Root cause: improper n...

9 CVSS | 9.3 AI score | 0.00323 EPSS
Exploits: 0 | References: 3
Cvelist
added 2024/10/28 2:53 a.m. | 19 views

CVE-2024-10440 Sunnet eHRD CTMS - SQL Injection

The eHRD CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

9.8 CVSS | 0.00564 EPSS
Exploits: 0 | References: 2
CVE
added 2024/10/21 11:3 a.m. | 39 views

CVE-2024-47328

CVE-2024-47328 is an SQL Injection vulnerability in the WordPress plugin FunnelKit Automation By Autonami. It affects versions up to 3.1.2 and stems from improper neutralization of SQL commands. Exploitation requires Administrator privileges, with network attack potential and impact on confident...

7.6 CVSS | 5.9 AI score | 0.00478 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/10/17 5:33 p.m. | 19 views

CVE-2024-49244 WordPress CSV Product Import Export for WooCommerce plugin <= 1.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vrinsoft CSV Product Import Export for WooCommerce (csv-wc-product-import-export). This issue affects CSV Product Import Export for WooCommerce: from n/a through <= 1.0.0...

8.5 CVSS | 0.00274 EPSS
Exploits: 0 | References: 1
Redos
added 2024/10/09 12:0 a.m. | 19 views

ROS-20241009-01

Vulnerability in libcmalloc component of virtuoso-opensource web application development platform is related to incorrect neutralization of special elements used in SQL command. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by using special...

7.5 CVSS | 7.6 AI score | 0.00245 EPSS
Exploits: 25
CVE
added 2024/10/04 12:0 a.m. | 76 views

CVE-2024-47911

In SonarSource SonarQube 10.4–10.5 (before 10.6), a vulnerability exists in the authorizations/group-memberships API endpoint that allows users with the administrator role to inject blind SQL commands. The issue is triggered via the group-memberships authorization path, enabling SQL injection wit...

7.2 CVSS | 6.7 AI score | 0.00131 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2024/09/23 7:15 p.m. | 10 views

CVE-2024-39843

A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs...

6.7 CVSS | 0.00121 EPSS
Exploits: 0 | References: 2
OSV
added 2024/09/23 7:15 p.m. | 3 views

CVE-2024-39843

A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs...

6.7 CVSS | 8.5 AI score
Exploits: 0 | References: 2
OSV
added 2024/09/23 7:15 p.m. | 2 views

CVE-2024-39842

A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs...

7.2 CVSS | 8.5 AI score
Exploits: 0 | References: 2
NVD
added 2024/09/23 7:15 p.m. | 8 views

CVE-2024-39842

A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs...

7.2 CVSS | 0.00971 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2024/09/23 12:0 a.m. | 11 views

CVE-2024-39842

A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs...

8.5 AI score | 0.00971 EPSS
Exploits: 0 | References: 2
CVE
added 2024/09/23 12:0 a.m. | 66 views

CVE-2024-39843

Centreon 24.04.2 is affected by a SQL injection vulnerability that allows a remote attacker to execute arbitrary SQL commands via the create user form inputs. Multiple sources describe the flaw as arising from lack of input validation when building SQL queries, enabling privilege escalation in af...

6.7 CVSS | 8.8 AI score | 0.00121 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2024/09/17 11:15 p.m. | 8 views

CVE-2024-44004

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arni Cinco WPCargo Track & Trace (wpcargo) allows SQL Injection. This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2...

9.8 CVSS | 0.0038 EPSS
Exploits: 0 | References: 1
NVD
added 2024/09/07 9:15 a.m. | 20 views

CVE-2024-8523

A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may ...

7.2 CVSS | 0.00919 EPSS
Exploits: 1 | References: 4
Cvelist
added 2024/09/07 9:0 a.m. | 21 views

CVE-2024-8523 lmxcms SQL Command Execution Module admin.php formatData code injection

A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may ...

5.8 CVSS | 0.00919 EPSS
Exploits: 1 | References: 4
CVE
added 2024/09/07 9:0 a.m. | 47 views

CVE-2024-8523

CVE-2024-8523 affects lmxcms up to version 1.4. The vulnerable component is the function formatData in the file /admin.php?m=Acquisi&a=testcj&lid=1 of the SQL Command Execution Module. Manipulation of the argument data leads to code injection. The issue can be exploited remotely, and the exploit...

7.2 CVSS | 5.6 AI score | 0.00919 EPSS
Exploits: 1 | References: 4 | Affected Software: 1