Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.0.27.
Max CVSS
8.5
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips. This issue affects WordPress Tooltips: from n/a before 9.4.5.
Max CVSS
8.5
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions Contact Form to Any API. This issue affects Contact Form to Any API: from n/a through 1.1.8.
Max CVSS
8.5
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.1.
Max CVSS
8.5
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typps Calendarista. This issue affects Calendarista: from n/a through 15.5.7.
Max CVSS
8.5
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Campaigns. This issue affects Zoho Campaigns: from n/a through 2.0.6.
Max CVSS
8.5
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery. This issue affects Contest Gallery: from n/a through 21.3.2.
Max CVSS
8.5
EPSS Score
N/A
Published
2024-03-27
Updated
2024-03-27
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery. This issue affects Contest Gallery: from n/a through 21.3.4.
Max CVSS
8.5
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/empscreening/add, 'agencyids' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information in the database. This vulnerability was found on the login page via the "user" parameter.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
SQL injection vulnerability exists in the script Handler_CFG.ashx.
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-22
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` & `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. This vulnerability is fixed in 3.2.6.
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-03-25
Updated
2024-03-26
Chat functionality in the Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection, enabling authenticated attackers to read, modify, and delete database records.
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-03-07
Updated
2024-03-07
SQL injection vulnerability exists in GetDIAE_astListParameters.
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-22
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0.
Max CVSS
9.9
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-03-04
Updated
2024-03-05
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-06
Updated
2024-03-06
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. The vulnerable field lies in the `authorEmail` field which uses PHP's `FILTER_VALIDATE_EMAIL` filter. This filter is insufficient in protecting against SQL injection attacks and should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly and can be used together with other fields to fully exploit the SQL injection vulnerability. This vulnerability is fixed in 3.2.6.
Max CVSS
8.8
EPSS Score
0.05%
Published
2024-03-25
Updated
2024-03-26
parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20.
Max CVSS
10.0
EPSS Score
0.05%
Published
2024-03-01
Updated
2024-03-01