470 matches found
CVE-2024-30494
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 沈唁 OSS Aliyun. This issue affects OSS Aliyun: from n/a through 1.4.10...
CVE-2024-30490
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8...
CVE-2024-30502
CVE-2024-30502 affects WP Travel Engine (WordPress) up to version 5.7.9, with an unauthenticated SQL Injection caused by improper neutralization of input in the plugin. This can lead to full confidentiality, integrity, and availability impact as indicated by CVSS scores (NVD: 9.8 CRITICAL; ATT&CK...
CVE-2024-30499
CVE-2024-30499 corresponds to the CRM Perks Forms SQL Injection in the WordPress plugin. The initial description states an improper neutralization of SQL commands affecting CRM Perks Forms versions from n/a up to 1.1.4. Connected sources confirm a critical, unauthenticated or possibly authenticat...
CVE-2024-30495
CVE-2024-30495 is a SQL Injection in Falang multilanguage for WordPress (Falang plugin) affecting versions up to 1.3.47. The issue is an SQL injection via improper neutralization of input in Falang’s language handling. The Red Hat/WordPress ecosystem records this as patched; mitigation is to appl...
CVE-2024-30488
CVE-2024-30488 is tied to the Zotpress WordPress plugin (Zotpress, affected: n/a through 7.3.7) and is characterized as an SQL Injection. The linked Red Hat/WordFence entries confirm the issue exists as an authenticated (Contributor+) SQL injection against Zotpress and note a patched status, indi...
CVE-2024-30486
CVE-2024-30486 is an authenticated SQL injection in the WordPress plugin Media Library Folders (Media Library Folders: 8.1.7 and earlier). The issue arises from improper neutralization of input in SQL commands, enabling an attacker with Author+ or higher permissions to manipulate queries. The vul...
CVE-2023-39309
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ThemeFusion Fusion Builder. This issue affects Fusion Builder: from n/a through 3.11.1...
CVE-2024-29239
Summary (CVE-2024-29239): A SQL injection vulnerability exists in the Recording.CountByCategory webapi component of Synology Surveillance Station prior to 9.2.0-11289 and 9.2.0-9289. The issue stems from improper neutralization of special elements in SQL commands, enabling remote authenticated u...
CVE-2024-29236
Synology Surveillance Station is affected by CVE-2024-29236 due to an SQL injection vulnerability in the AudioPattern.Delete webapi component. The flaw arises from improper neutralization of special elements used in SQL commands, enabling remote authenticated users to read the database and cause ...
CVE-2024-29230
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information...
CVE-2024-30241
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.1...
CVE-2024-30236
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery. This issue affects Contest Gallery: from n/a through = 21.3.4...
CVE-2024-30241
CVE-2024-30241 is an SQL Injection in ProfileGrid (WordPress plugin) affecting ProfileGrid versions through 5.7.1. Exploitation requires at least Contributor+ access (authenticated). A fix is available in 5.7.2 (and later); update to a patched release to mitigate. Other connected sources corrobor...
CVE-2024-30243
CVE-2024-30243 is an SQL Injection affecting the WordPress Tooltips plugin prior to 9.4.5, caused by improper neutralization of SQL elements. The metric indicates a base CVSS v3.1 score of 8.5 (HIGH) with network attack vector, low attack complexity, and user interaction NONE. Affected software: ...
CVE-2024-30244
CVE-2024-30244 affects the WordPress plugin Church Admin (versions
CVE-2024-30238
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery. This issue affects Contest Gallery: from n/a through = 21.3.2...
CVE-2024-30238
CVE-2024-30238 affects the WordPress Photos and Files Contest Gallery plugin (
ROS-20240322-02
A vulnerability in the REFRESH MATERIALIZED VIEW CONCURRENTLY function of the PostgreSQL database management system is related to privilege management errors in processing and checking command line parameters. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQ...
BIT-POSTGRESQL-2020-14349
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the...