Total
17788 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37252 | 2024-11-21 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Icegram Email Subscribers & Newsletters allows SQL Injection.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.25. | |||||
| CVE-2024-37225 | 1 Zoho | 1 Marketing Automation | 2024-11-21 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Marketing Automation.This issue affects Zoho Marketing Automation: from n/a through 1.2.7. | |||||
| CVE-2024-37112 | 1 Wishlist Member | 1 Wishlist Member | 2024-11-21 | N/A | 10.0 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7. | |||||
| CVE-2024-37090 | 1 Stylemixthemes | 2 Consulting Elementor Widgets, Masterstudy Elementor Widgets | 2024-11-21 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: from n/a through 1.3.0. | |||||
| CVE-2024-36840 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php. | |||||
| CVE-2024-36837 | 1 Crmeb | 1 Crmeb | 2024-11-21 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file. | |||||
| CVE-2024-36779 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php. | |||||
| CVE-2024-36684 | 1 Prestashop | 1 Pk Customlinks | 2024-11-21 | N/A | 9.8 CRITICAL |
| In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
| CVE-2024-36683 | 2024-11-21 | N/A | 7.3 HIGH | ||
| SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via the ProductsAlertAjaxProcessModuleFrontController::initContent method. | |||||
| CVE-2024-36681 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| SQL Injection vulnerability in the module "Isotope" (pk_isotope) <=1.7.3 from Promokit.eu for PrestaShop allows attackers to obtain sensitive information and cause other impacts via `pk_isotope::saveData` and `pk_isotope::removeData` methods. | |||||
| CVE-2024-36680 | 2024-11-21 | N/A | 7.5 HIGH | ||
| In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
| CVE-2024-36678 | 1 Promokit | 1 Pk Themesettings | 2024-11-21 | N/A | 9.8 CRITICAL |
| In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
| CVE-2024-36673 | 1 Pharmacy\/medical Store Point Of Sale System Project | 1 Pharmacy\/medical Store Point Of Sale System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries. | |||||
| CVE-2024-36412 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 10.0 CRITICAL |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||||
| CVE-2024-36411 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 9.6 CRITICAL |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||||
| CVE-2024-36410 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 9.6 CRITICAL |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||||
| CVE-2024-36409 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 9.6 CRITICAL |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||||
| CVE-2024-36408 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 9.6 CRITICAL |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||||
| CVE-2024-36393 | 1 Sysaid | 1 Sysaid | 2024-11-21 | N/A | 9.9 CRITICAL |
| SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | |||||
| CVE-2024-36082 | 1 Codepeople | 1 Music Store | 2024-11-21 | N/A | 6.5 MEDIUM |
| SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker. | |||||