Total
11922 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-36840 | | | 2024-07-03 | N/A | 9.1 CRITICAL |
SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php. | |||||
CVE-2024-36837 | 1 Crmeb | 1 Crmeb | 2024-07-03 | N/A | 7.5 HIGH |
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file. | |||||
CVE-2024-36681 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in the module "Isotope" (pk_isotope) <=1.7.3 from Promokit.eu for PrestaShop allows attackers to obtain sensitive information and cause other impacts via `pk_isotope::saveData` and `pk_isotope::removeData` methods. | |||||
CVE-2024-36680 | | | 2024-07-03 | N/A | 7.5 HIGH |
In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection. | |||||
CVE-2024-36678 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection. | |||||
CVE-2024-35511 | | | 2024-07-03 | N/A | 4.7 MEDIUM |
phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injection via the "username" parameter of /msms/admin/index.php. | |||||
CVE-2024-35361 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. An attacker can execute arbitrary SQL statements through this vulnerability without requiring any user rights. | |||||
CVE-2024-35357 | | | 2024-07-03 | N/A | 5.3 MEDIUM |
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /classes/Master.php?f=delete_item. Manipulating the argument id can result in SQL injection. | |||||
CVE-2024-35356 | | | 2024-07-03 | N/A | 6.3 MEDIUM |
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /classes/Master.php?f=save_item. Manipulating the argument id can result in SQL injection. | |||||
CVE-2024-35350 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /admin/?page=borrow/view_borrow. Manipulating the argument id can result in SQL injection. | |||||
CVE-2024-35086 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml. | |||||
CVE-2024-35084 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml. | |||||
CVE-2024-34994 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
In the module "Channable" (channable) up to version 3.2.1 from Channable for PrestaShop, a guest can perform SQL injection via `ChannableFeedModuleFrontController::postProcess()`. | |||||
CVE-2024-34992 | | | 2024-07-03 | N/A | 8.8 HIGH |
SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via 'Tickets::getsearchedtickets()'. | |||||
CVE-2024-34989 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via `PrestaPDFProductListModuleFrontController::queryDb()`. | |||||
CVE-2024-34988 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) <= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods `AskforaquotemodulcustomernewquoteModuleFrontController::run()`, `AskforaquotemoduladdproductnewquoteModuleFrontController::run()`, `AskforaquotemodulCouponcodeModuleFrontController::run()`, `AskforaquotemodulgetshippingcostModuleFrontController::run()`, `AskforaquotemodulgetstateModuleFrontController::run()`. | |||||
CVE-2024-34955 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter. | |||||
CVE-2024-34933 | | | 2024-07-03 | N/A | 6.3 MEDIUM |
A SQL injection vulnerability in /model/update_grade.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the admission_fee parameter. | |||||
CVE-2024-34930 | | | 2024-07-03 | N/A | 5.3 MEDIUM |
A SQL injection vulnerability in /model/all_events1.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the month parameter. | |||||
CVE-2024-34928 | | | 2024-07-03 | N/A | 7.3 HIGH |
A SQL injection vulnerability in /model/update_subject_routing.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter. |