Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-43282

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-18 Aug, 2024 | 21:39
Updated At-19 Aug, 2024 | 14:28
Rejected At-
Credits

WordPress Tutor LMS plugin <= 2.7.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:18 Aug, 2024 | 21:39
Updated At:19 Aug, 2024 | 14:28
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Tutor LMS plugin <= 2.7.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.

Affected Products
Vendor
ThemeumThemeum
Product
Tutor LMS
Collection URL
https://wordpress.org/plugins
Package Name
tutor
Default Status
unaffected
Versions
Affected
  • From n/a through 2.7.2 (custom)
    • -> unaffectedfrom2.7.3
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type: CWE
CWE ID: CWE-89
Description: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
VersionBase scoreBase severityVector
3.17.6HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update to 2.7.3 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
justakazh (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/tutor/wordpress-tutor-lms-plugin-2-7-2-sql-injection-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/tutor/wordpress-tutor-lms-plugin-2-7-2-sql-injection-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:18 Aug, 2024 | 22:15
Updated At:22 Jan, 2025 | 21:59

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.6HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Primary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Type: Primary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Themeum
themeum
>>tutor_lms>>Versions before 2.7.3(exclusive)
cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primaryaudit@patchstack.com
CWE ID: CWE-89
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/tutor/wordpress-tutor-lms-plugin-2-7-2-sql-injection-vulnerability?_s_id=cveaudit@patchstack.com
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/tutor/wordpress-tutor-lms-plugin-2-7-2-sql-injection-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1160Records found
CVE-2024-4902
Matching Score-10
Assigner-Wordfence
ShareView Details
Matching Score-10
Assigner-Wordfence
CVSS Score-7.2||HIGH
EPSS-0.87% / 74.28%
||
7 Day CHG~0.00%
Published-07 Jun, 2024 | 04:33
Updated-29 Oct, 2024 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS – eLearning and online course solution <= 2.7.1 -Authenticated (Administrator+) SQL Injection

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS – eLearning and online course solutiontutor_lms
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-37256
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.19% / 40.95%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 09:02
Updated-02 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tutor LMS plugin <= 2.7.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.1.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-54282
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-7.2||HIGH
EPSS-0.30% / 52.77%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:25
Updated-13 Dec, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Mega Menu plugin <= 1.4.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themeum WP Mega Menu allows Object Injection.This issue affects WP Mega Menu: from n/a through 1.4.2.

Action-Not Available
Vendor-Themeum
Product-WP Mega Menu
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-37266
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-4.9||MEDIUM
EPSS-0.75% / 72.09%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 10:08
Updated-29 Aug, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tutor LMS plugin <= 2.7.1 - Path Traversal vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal.This issue affects Tutor LMS: from n/a through 2.7.1.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-24182
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-7.63% / 91.49%
||
7 Day CHG~0.00%
Published-05 Apr, 2021 | 18:27
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_answers_by_question

The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.

Action-Not Available
Vendor-UnknownThemeum
Product-tutor_lmsTutor LMS – eLearning and online course solution
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-24183
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-7.63% / 91.49%
||
7 Day CHG~0.00%
Published-05 Apr, 2021 | 18:27
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_question_form

The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.

Action-Not Available
Vendor-UnknownThemeum
Product-tutor_lmsTutor LMS – eLearning and online course solution
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-1751
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.69% / 70.78%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 15:27
Updated-15 Jan, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the question_id parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber/student access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS – eLearning and online course solutiontutor_lms
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-4318
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.47% / 63.83%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 05:33
Updated-24 Jan, 2025 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS <= 2.7.0 - Authenticated (Instructor+) SQL Injection

The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Instructor-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS – eLearning and online course solutiontutor_lms
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10400
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-92.92% / 99.76%
||
7 Day CHG+0.03%
Published-21 Nov, 2024 | 07:35
Updated-23 Jan, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS <= 2.7.6 - Unauthenticated SQL Injection via rating_filter

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘rating_filter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS – eLearning and online course solutiontutor_lms
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-6184
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.03% / 7.39%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 06:39
Updated-13 Aug, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS Pro – eLearning and online course solution <= 3.7.0 - Authenticated (Tutor Instructor+) SQL Injection

The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the get_submitted_assignments() function in all versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Tutor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Only the Pro version is affected.

Action-Not Available
Vendor-Themeum
Product-Tutor LMS Pro
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-25990
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.63%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 16:22
Updated-05 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tutor LMS Plugin <= 2.1.10 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMStutor_lms
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-25800
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.63%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 16:26
Updated-05 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tutor LMS Plugin <= 2.2.0 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMStutor_lms
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-24186
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.62% / 69.24%
||
7 Day CHG~0.00%
Published-05 Apr, 2021 | 18:27
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS < 1.8.3 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id

The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.

Action-Not Available
Vendor-UnknownThemeum
Product-tutor_lmsTutor LMS – eLearning and online course solution
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-25700
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 45.00%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 16:44
Updated-05 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tutor LMS Plugin <= 2.1.10 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMStutor_lms
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-24185
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 62.68%
||
7 Day CHG~0.00%
Published-05 Apr, 2021 | 18:27
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating

The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students.

Action-Not Available
Vendor-UnknownThemeum
Product-tutor_lmsTutor LMS – eLearning and online course solution
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-24181
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 62.68%
||
7 Day CHG~0.00%
Published-05 Apr, 2021 | 18:27
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS < 1.7.7 - SQL Injection via tutor_mark_answer_as_correct

The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students.

Action-Not Available
Vendor-UnknownThemeum
Product-tutor_lmsTutor LMS – eLearning and online course solution
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-54930
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 24.69%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 00:00
Updated-12 Dec, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.

Action-Not Available
Vendor-lopalopan/a
Product-e-learning_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-54933
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 30.20%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 00:00
Updated-12 Dec, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.

Action-Not Available
Vendor-lopalopan/a
Product-e-learning_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-55990
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.14% / 35.43%
||
7 Day CHG+0.01%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mollie for Contact Form 7 plugin <= 5.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ewald Harmsen Mollie for Contact Form 7 allows Blind SQL Injection.This issue affects Mollie for Contact Form 7: from n/a through 5.0.0.

Action-Not Available
Vendor-Ewald Harmsen
Product-Mollie for Contact Form 7
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-55104
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.02% / 4.48%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 00:00
Updated-28 Mar, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Nurse Hiring System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component /admin/add-nurse.php via the gender and emailid parameters.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-online_nurse_hiring_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-54922
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 53.32%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 00:00
Updated-12 Dec, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.

Action-Not Available
Vendor-lopalopan/a
Product-e-learning_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-55103
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.03% / 7.22%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 00:00
Updated-28 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Nurse Hiring System v1.0 was discovered to contain a SQL injection vulnerability in the component /admin/profile.php via the fullname parameter.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-online_nurse_hiring_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5361
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 16.57%
||
7 Day CHG~0.00%
Published-26 May, 2024 | 11:00
Updated-21 Feb, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Zoo Management System normal-bwdates-reports-details.php sql injection

A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/normal-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266273 was assigned to this vulnerability.

Action-Not Available
Vendor-PHPGurukul LLP
Product-zoo_management_systemZoo Management Systemzoo_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5225
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.4||MEDIUM
EPSS-0.13% / 33.69%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 18:19
Updated-23 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection in berriai/litellm

An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidated `api_key` parameter directly into the query, making it susceptible to SQL Injection if the `api_key` contains malicious data. This issue affects the latest version of the repository. Successful exploitation of this vulnerability could lead to unauthorized access, data manipulation, exposure of confidential information, and denial of service (DoS).

Action-Not Available
Vendor-litellmberriai
Product-litellmberriai/litellm
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-52435
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.18% / 39.66%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 14:36
Updated-20 Nov, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Premium Packages – Sell Digital Products Securely plugin <= 5.9.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in W3 Eden, Inc. Premium Packages allows SQL Injection.This issue affects Premium Packages: from n/a through 5.9.3.

Action-Not Available
Vendor-WordPress Download Manager ProW3 Eden, Inc.
Product-premium_packages_-_sell_digital_products_securelyPremium Packages
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-44915
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 48.90%
||
7 Day CHG~0.00%
Published-05 Jul, 2022 | 17:12
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.

Action-Not Available
Vendor-taogogon/a
Product-taocmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-52436
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.18% / 39.66%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 14:30
Updated-20 Nov, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post SMTP plugin <= 2.9.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Post SMTP allows Blind SQL Injection.This issue affects Post SMTP: from n/a through 2.9.9.

Action-Not Available
Vendor-wpexpertsPost SMTP
Product-post_smtpPost SMTP
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-6012
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-1.08% / 76.93%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 15:16
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-tms-outsourceTMS-Plugins
Product-wpdatatables_litewpDataTables Lite
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-50835
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.05% / 15.42%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 00:00
Updated-18 Nov, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters.

Action-Not Available
Vendor-lopalopan/aKashipara Group
Product-e-learning_management_systemn/ae_learning_management_system_project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-47558
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.14% / 34.64%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 22:53
Updated-02 Aug, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Who Hit The Page – Hit Counter Plugin <= 1.4.14.3 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mahlamusa Who Hit The Page – Hit Counter allows SQL Injection.This issue affects Who Hit The Page – Hit Counter: from n/a through 1.4.14.3.

Action-Not Available
Vendor-lindeniMahlamusa
Product-who_hit_the_page_-_hit_counterWho Hit The Page – Hit Counter
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-50827
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.05% / 15.42%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 00:00
Updated-18 Nov, 2024 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter.

Action-Not Available
Vendor-lopalopan/aKashipara Group
Product-e-learning_management_systemn/ae_learning_management_system_project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-50326
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-7.2||HIGH
EPSS-27.55% / 96.24%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 15:40
Updated-19 Nov, 2024 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Action-Not Available
Vendor-Ivanti Software
Product-endpoint_managerEndpoint Managerendpoint_manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-48245
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.61% / 68.83%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 00:00
Updated-14 May, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which are present in /newvehicle.php and /newdriver.php.

Action-Not Available
Vendor-n/ajanobe
Product-vehicle_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-48226
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 32.24%
||
7 Day CHG+0.02%
Published-25 Oct, 2024 | 00:00
Updated-31 Oct, 2024 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.

Action-Not Available
Vendor-funadminn/afunadmin
Product-funadminn/afunadmin
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-48043
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.34% / 56.24%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 12:08
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShortPixel Image Optimizer plugin <= 5.6.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ShortPixel ShortPixel Image Optimizer allows Blind SQL Injection.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3.

Action-Not Available
Vendor-ShortPixelshortpixel
Product-ShortPixel Image Optimizershortpixel_image_optimizer
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-48657
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.25% / 48.37%
||
7 Day CHG~0.00%
Published-22 Oct, 2024 | 00:00
Updated-24 Oct, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code.

Action-Not Available
Vendor-princelycesarn/aITSourceCode
Product-hospital_management_systemn/ahospital_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-47338
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.41% / 60.25%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 12:58
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPExperts Square For GiveWP plugin <= 1.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExpertsio WPExperts Square For GiveWP allows SQL Injection.This issue affects WPExperts Square For GiveWP: from n/a through 1.3.

Action-Not Available
Vendor-WPExpertsio
Product-WPExperts Square For GiveWP
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-41947
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.30% / 52.75%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 12:40
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.

Action-Not Available
Vendor-intelliantsn/a
Product-subrion_cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-4208
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.2||HIGH
EPSS-0.57% / 67.55%
||
7 Day CHG~0.00%
Published-21 Feb, 2022 | 10:45
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ExportFeed <= 2.0.1.0 - Admin+ SQL Injection

The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and escape the product_id POST parameter before using it in a SQL statement, leading to a SQL injection vulnerability exploitable by high privilege users

Action-Not Available
Vendor-exportfeedUnknown
Product-exportfeedExportFeed: List WooCommerce Products on eBay Store
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-45756
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.11% / 29.75%
||
7 Day CHG+0.01%
Published-25 Nov, 2024 | 00:00
Updated-25 Nov, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Centreon centreon-open-tickets 24.10.x before 24.10.0, 24.04.x before 24.04.2, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to create a ticket. Exploitation is only accessible to authenticated users with high-privileged access.

Action-Not Available
Vendor-n/aCENTREON
Product-n/acentreon
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-45755
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.11% / 29.75%
||
7 Day CHG+0.01%
Published-25 Nov, 2024 | 00:00
Updated-26 Nov, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Centreon centreon-dsm-server 24.10.x before 24.10.0, 24.04.x before 24.04.3, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to configure Centreon DSM slots. Exploitation is only accessible to authenticated users with high-privileged access.

Action-Not Available
Vendor-n/aCENTREON
Product-n/acentreon
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-45754
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.18% / 39.32%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 00:00
Updated-15 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the centreon-bi-server component in Centreon BI Server 24.04.x before 24.04.3, 23.10.x before 23.10.8, 23.04.x before 23.04.11, and 22.10.x before 22.10.11. SQL injection can occur in the listing of configured reporting jobs. Exploitation is only accessible to authenticated users with high-privileged access.

Action-Not Available
Vendor-n/aCENTREON
Product-n/acentreon
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-40861
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-3.20% / 86.49%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 14:58
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine.

Action-Not Available
Vendor-genesysn/a
Product-intelligent_workload_distribution_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43966
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.24% / 47.31%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 15:07
Updated-08 Nov, 2024 | 08:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Testimonial Widget plugin <= 3.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stark Digital WP Testimonial Widget.This issue affects WP Testimonial Widget: from n/a through 3.1.

Action-Not Available
Vendor-starkdigitalStark Digital
Product-wp_testimonial_widgetWP Testimonial Widget
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-47506
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.13% / 33.00%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 23:00
Updated-02 Aug, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Master Slider Pro Plugin <= 3.6.5 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Master slider Master Slider Pro allows SQL Injection.This issue affects Master Slider Pro: from n/a through 3.6.5.

Action-Not Available
Vendor-mastersliderMaster slider
Product-master_sliderMaster Slider Pro
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-40992
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.62% / 69.23%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 13:36
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-44725
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.12% / 31.03%
||
7 Day CHG~0.00%
Published-09 Sep, 2024 | 00:00
Updated-22 Apr, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php.

Action-Not Available
Vendor-autocms_projectn/aautocms
Product-autocmsn/aautocms
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43969
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.41% / 60.25%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 22:33
Updated-20 Sep, 2024 | 12:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spiffy Calendar plugin <= 4.9.12 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.12.

Action-Not Available
Vendor-Spiffy Plugins
Product-Spiffy Calendar
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2006-5738
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.18% / 39.56%
||
7 Day CHG~0.00%
Published-06 Nov, 2006 | 18:00
Updated-03 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-punbbn/a
Product-punbbn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-46436
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.24% / 47.31%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 10:06
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php.

Action-Not Available
Vendor-zzcmsn/a
Product-zzcmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 23
  • 24
  • Next
Details not found