Security Vulnerabilities (CVEs) related to CWE-89 with CVSS score >= 8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.0.27.
Max CVSS: 8.5 | EPSS Score: N/A | Published: 2024-03-28 | Updated: 2024-03-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips. This issue affects WordPress Tooltips: from n/a before 9.4.5.
Max CVSS: 8.5 | EPSS Score: N/A | Published: 2024-03-28 | Updated: 2024-03-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions Contact Form to Any API. This issue affects Contact Form to Any API: from n/a through 1.1.8.
Max CVSS: 8.5 | EPSS Score: N/A | Published: 2024-03-28 | Updated: 2024-03-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.1.
Max CVSS: 8.5 | EPSS Score: N/A | Published: 2024-03-28 | Updated: 2024-03-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typps Calendarista. This issue affects Calendarista: from n/a through 15.5.7.
Max CVSS: 8.5 | EPSS Score: N/A | Published: 2024-03-28 | Updated: 2024-03-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Campaigns. This issue affects Zoho Campaigns: from n/a through 2.0.6.
Max CVSS: 8.5 | EPSS Score: N/A | Published: 2024-03-28 | Updated: 2024-03-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery. This issue affects Contest Gallery: from n/a through 21.3.2.
Max CVSS: 8.5 | EPSS Score: N/A | Published: 2024-03-27 | Updated: 2024-03-27
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery. This issue affects Contest Gallery: from n/a through 21.3.4.
Max CVSS: 8.5 | EPSS Score: N/A | Published: 2024-03-28 | Updated: 2024-03-28
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/empscreening/add, 'agencyids' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
A SQL Injection has been found in the SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information in the database. This vulnerability was found on the login page via the "user" parameter.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
SQL injection vulnerability exists in the script Handler_CFG.ashx.
Max CVSS: 8.8 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-22
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in `insertentry` & `saveentry` when modifying records, due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases even achieve RCE. This vulnerability is fixed in 3.2.6.
Max CVSS: 8.8 | EPSS Score: 0.04% | Published: 2024-03-25 | Updated: 2024-03-26
Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection, enabling authenticated attackers to read, modify, and delete database records.
Max CVSS: 8.8 | EPSS Score: 0.04% | Published: 2024-03-07 | Updated: 2024-03-07
SQL injection vulnerability exists in GetDIAE_astListParameters.
Max CVSS: 8.8 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-22
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0.
Max CVSS: 9.9 | EPSS Score: 0.04% | Published: 2024-03-21 | Updated: 2024-03-21
Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.
Max CVSS: 8.8 | EPSS Score: 0.04% | Published: 2024-03-04 | Updated: 2024-03-05
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.
Max CVSS: 9.8 | EPSS Score: 0.04% | Published: 2024-03-06 | Updated: 2024-03-06
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases even achieve RCE. The vulnerable field is the `authorEmail` field, which uses PHP's `FILTER_VALIDATE_EMAIL` filter. This filter is insufficient in protecting against SQL injection attacks, and the value should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly and can be used together with other fields to fully exploit the SQL injection vulnerability. This vulnerability is fixed in 3.2.6.
Max CVSS: 8.8 | EPSS Score: 0.05% | Published: 2024-03-25 | Updated: 2024-03-26
parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20.
Max CVSS: 10.0 | EPSS Score: 0.05% | Published: 2024-03-01 | Updated: 2024-03-01
5355 vulnerabilities found