Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-564:SQL Injection: Hibernate
Weakness ID:564
Version:v4.17
Weakness Name:SQL Injection: Hibernate
Vulnerability Mapping:Allowed
Abstraction:Variant
Structure:Simple
Status:Incomplete
Likelihood of Exploit:
DetailsContent HistoryObserved CVE ExamplesReports
3Vulnerabilities found
CVE-2024-48988
Assigner-Apache Software Foundation
ShareView Details
Assigner-Apache Software Foundation
CVSS Score-7.6||HIGH
EPSS-0.03% / 6.92%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 18:24
Updated-26 Aug, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache StreamPark: SQL injection vulnerability

SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. This vulnerability is present only in the distribution package (SpringBoot platform) and does not involve Maven artifacts. It can only be exploited after a user has successfully logged into the platform (implying that the attacker would first need to compromise the login authentication). As a result, the associated risk is considered relatively low.

Action-Not Available
Vendor-The Apache Software Foundation
Product-streamparkApache StreamPark
CWE ID-CWE-564
SQL Injection: Hibernate
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-0959
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.00%
||
7 Day CHG~0.00%
Published-07 Mar, 2025 | 08:21
Updated-13 Mar, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Eventer - WordPress Event & Booking Manager Plugin <= 3.9.9.2 - Authenticated (Subscriber+) SQL Injection via reg_id

The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the reg_id parameter in all versions up to, and including, 3.9.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Action-Not Available
Vendor-imithemesimithemes
Product-eventerEventer - WordPress Event & Booking Manager Plugin
CWE ID-CWE-564
SQL Injection: Hibernate
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-4658
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-6.9||MEDIUM
EPSS-0.19% / 41.43%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 13:38
Updated-15 Oct, 2024 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQLi in TE Informatics' Nova CMS

SQL Injection: Hibernate vulnerability in TE Informatics Nova CMS allows SQL Injection.This issue affects Nova CMS: before 5.0.

Action-Not Available
Vendor-TE Informaticste_informatics
Product-Nova CMSnova_cms
CWE ID-CWE-564
SQL Injection: Hibernate