Przykłady dla CWE-89: Improper Neutralization of Special Elements used in an SQL ...

	Tytuł	Data	Autor
Med.	Centreon 23.10-1.el8 SQL Injection	16.04.2024	Cody Sixteen
Med.	AMPLE BILLS 0.1 SQL injection	15.04.2024	nu11secur1ty
Med.	Moodle 3.10.1 SQL Injection	15.04.2024	Julio Ángel Ferrari
Med.	UP-RESULT 0.1 2024 SQL Injection	08.04.2024	nu11secur1ty
Med.	Daily Expense Manager 1.0 SQL Injection	08.04.2024	Stefan Hesselman
Med.	Human Resource Management System 2024 1.0 SQL Injection	06.04.2024	nu11secur1ty
Med.	Purei CMS 1.0 SQL Injection	30.03.2024	Number 7
Med.	MobileShop master - SQL Injection Vuln.	26.03.2024	HAZIM ARBAŞ
Med.	CSZCMS v1.3.0 SQL Injection (Authenticated)	20.03.2024	Abdulaziz Almetairy
Med.	Human Resource Management System 1.0 SQL Injection	13.03.2024	Srikar
Med.	WordPress Hide My WP SQL Injection	11.03.2024	Xenofon Vassilakopoulo...
Med.	Enrollment System v1.0 SQL Injection	03.03.2024	Gnanaraj Mauviel
Med.	Membership Management System 1.0 SQL Injection	01.03.2024	SoSPiro
Med.	WP Fastest Cache 1.2.2 Unauthenticated SQL Injection	29.02.2024	Meryem Taşkın
Med.	Blood Bank 1.0 SQL Injection	28.02.2024	Ersin Erenler
Med.	WordPress WP Fastest Cache 1.2.2 SQL Injection	28.02.2024	Meryem Taskin
Med.	Simple Inventory Management System v1.0 email SQL Injection	27.02.2024	SoSPiro
Med.	Fuelflow 1.0 SQL Injection	25.02.2024	nu11secur1ty
Med.	Cacti pollers.php SQL Injection / Remote Code Execution	07.02.2024	Christophe de la Fuent...
Med.	Bank Locker Management System SQL Injection	02.02.2024	SoSPiro
High	xbtitFM 4.1.18 SQL Injection / Shell Upload / Traversal	22.01.2024	Who cares anyway
Med.	WordPress RSVPMaker 9.3.2 SQL Injection	17.01.2024	Amirhossein Bahramizad...
Med.	Copyright Loan Management System 2024 1.0 SQL Injection	13.01.2024	nu11secur1ty
Med.	AdvantechWeb/SCADA 9.1.5U SQL Injection	10.01.2024	Cody Sixteen
High	Hospital Management System 4.0 XSS / Shell Upload / SQL Injection	24.12.2023	Louise Ng
Med.	GilaCMS 1.15.4 SQL Injection	24.12.2023	Louise Ng
Low	Webnink - sql injection Vulnerability	08.11.2023	nabeghehtech
Med.	WordPress AI ChatBot 4.8.9 SQL Injection / Traversal / File Deletion	27.10.2023	Marco Wotschka
Med.	NLB mKlik Makedonija 3.3.12 SQL Injection	16.10.2023	Neurogenesia
Med.	WordPress WP ERP 1.12.2 SQL Injection	16.10.2023	Arvandy
Med.	ChurchCRM 4.5.4 SQL Injection	16.10.2023	Arvandy
Med.	Dawa Pharma 1.0-2022 SQL Injection	14.10.2023	nu11secur1ty
Med.	Smart School 6.4.1 SQL Injection	11.10.2023	CraCkEr
Med.	Academy LMS 6.2 SQL Injection	20.09.2023	CraCkEr
Med.	Taskhub 2.8.7 SQL Injection	20.09.2023	CraCkEr
Med.	WordPress Slimstat Analytics 5.0.9 Cross Site Scripting / SQL Injection	13.09.2023	Lana Codes
Med.	Shuttle Booking Software 1.0 SQL Injection	13.09.2023	nu11secur1ty
Med.	Equipment Rental Script 1.0 SQL Injection	13.09.2023	nu11secur1ty
Med.	Meeting Room Booking System 1.0 SQL Injection	10.09.2023	nu11secur1ty
High	Online ID Generator 1.0 SQL Injection / Shell Upload	31.08.2023	nu11secur1ty
Med.	Business Directory Script 3.2 SQL Injection	26.08.2023	nu11secur1ty
Med.	User Registration And Login And User Management System 3.0 SQL Injection	24.08.2023	Ashutosh Singh Umath
Med.	Global Multi School Management System Express 1.0 SQL Injection	23.08.2023	Ahmet Umit Bayram
Med.	Color Prediction Game 1.0 SQL Injection	23.08.2023	Ahmet Umit Bayram
Med.	OVOO Movie Portal CMS 3.3.3 SQL Injection	23.08.2023	Ahmet Umit Bayram
Med.	Online Diagnostic Lab Management 1.0 SQL Injection	01.08.2023	nu11secur1ty
Med.	Hikvision Hybrid SAN Ds-a71024 SQL Injection	21.07.2023	Thurein Soe
Med.	Faculty Evaluation System v1.0 SQL Injection	21.07.2023	Andrey Stoykov
Med.	Wifi Soft Unibox Administration 3.0 / 3.1 SQL Injection	21.07.2023	Ansh Jain
Med.	CMS SAUDI SOFTECH 5.0.2 SQL Injection	21.07.2023	indoushka
Med.	Groomify v1.0 SQL Injection	06.07.2023	Ahmet Ümit BAYRAM
Med.	WordPress WP AutoComplete Search 1.0.4 SQL Injection	05.07.2023	Matin Nouriyan
Med.	Beauty Salon Management System 1.0 SQL Injection	05.07.2023	Fatih Nacar
Med.	SPIP 4.2.3 SQL Injection	30.06.2023	nu11secur1ty
Med.	MOVEit SQL Injection	25.06.2023	bwatters-r7
Med.	SCRMS 2023-05-27 1.0 Multiple SQL Injection	22.06.2023	nu11secur1ty
Med.	ACJWEB DESIGNER 1.0 SQL Injection	22.06.2023	indoushka
Med.	Expert Job Portal Management System 1.0 SQL Injection	07.06.2023	CraCkEr
Med.	PrinterLogic Build 1.0.757 XSS / SQL Injection / Authentication Bypass	30.05.2023	Nadeem Salim
Med.	Stackposts Social Marketing Tool v1.0 SQL Injection	27.05.2023	Ahmet Ümit BAYRAM
Med.	Quicklancer v1.0 SQL Injection	27.05.2023	Ahmet Ümit BAYRAM
Med.	Smart School 1.0 SQL Injection	24.05.2023	Ahmet Umit Bayram
Med.	LeadPro CRM 1.0 SQL Injection	24.05.2023	Ahmet Umit Bayram
Med.	Service Provider Management System v1.0 SQL Injection	24.05.2023	Ashik Kunjumon
Med.	GaanaGawaana Music Platform PHP Script 1.0 Cross Site Scripting / SQL Injection	21.05.2023	nu11secur1ty
Med.	GaanaGawaana 1.0 SQL Injection	11.05.2023	CraCkEr
Med.	VOTAB Voting Quiz PHP Script 1.0 SQL Injection	10.05.2023	CraCkEr
Med.	Found Information System 1.0 SQL Injection	08.05.2023	nu11secur1ty
Med.	AC Repair And Services 1.0 SQL Injection	03.05.2023	nu11secur1ty
Med.	ChurchCRM 4.5.3 SQL Injection	03.05.2023	Iyaad Luqman K
Med.	Piwigo 13.5.0 SQL Injection	30.04.2023	Rodolfo Tavares
Med.	Chitor-CMS 1.1.2 SQL Injection	21.04.2023	msd0pe
Med.	NotrinosERP 0.7 SQL Injection	10.04.2023	Arvandy
Med.	ChurchCRM 4.5.1 SQL Injection	10.04.2023	Arvandy
Med.	Intern Record System 1.0 SQL Injection	06.04.2023	Hamdi Sevben
Med.	Dreamer CMS 4.0.0 SQL Injection	02.04.2023	lvren
Med.	EQ Enterprise Management System 2.2.0 SQL Injection	02.04.2023	TLF
Med.	Senayan Library Management System v9.0.0 SQL Injection	02.04.2023	nu11secur1ty
Med.	WebTareas 2.4 SQL Injection (Unauthorised)	30.03.2023	Hubert Wojciechowski
Med.	101+ News Portal 1.0 SQL Injection	22.03.2023	Abdulhakim Oner
Med.	Yoga Class Registration 1.0 SQL Injection	22.03.2023	nu11secur1ty
Med.	Purchase Order Management 1.0 SQL Injection	06.03.2023	nu11secur1ty
Med.	Auto Dealer Management System 1.0 SQL Injection	26.02.2023	Navaid Ansari
High	Device Manager Express 7.8.20002.47752 SQL Injection / XSS / Code Execution / Traversal	24.02.2023	Eric Flokstra
Med.	Yoga Class Registration System 1.0 SQL Injection	24.02.2023	Ahmed Ismail
Med.	Sales Tracker System 1.0 SQL Injection	22.02.2023	Ahmed Ismail
Med.	101news By Mayuri K 1.0 SQL Injection	14.02.2023	nu11secur1ty
Med.	Material Dashboard 2 SQL Injection	09.02.2023	indoushka
Med.	eCommerce Marketplace Platform CMS 1.7 SQL Injection	02.02.2023	CraCkEr
Med.	Online Eyewear Shop 1.0 SQL Injection	01.02.2023	Muhammad Navaid Zafar ...
Med.	PHPJabbers Property Listing Script 3.1 SQL Injection	30.01.2023	CraCkEr
Med.	PHPJabbers Car Rental Script 3.0 SQL Injection	28.01.2023	CraCkEr
Med.	Inout Music 5.1.1 SQL Injection	26.01.2023	CraCkEr
Med.	Inout RealEstate 2.1.3 SQL Injection	23.01.2023	CraCkEr
Med.	Active eCommerce CMS 6.5.0 SQL Injection	21.01.2023	CraCkEr
Med.	BootCommerce 3.2.1 SQL Injection	18.01.2023	CraCkEr
Med.	PHP Hazir Haber Sitesi Scripti 3 SQL Injection	18.01.2023	CraCkEr
Med.	ChiKoi 1.0 SQL Injection	15.01.2023	nu11secur1ty
Med.	Student Attendance Management System 1.0 SQL Injection	31.12.2022	nu11secur1ty
Med.	Senayan Library Management System 9.2.2 SQL Injection	28.12.2022	nu11secur1ty

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2024-04-18

CVE-2024-29001	Updating...	A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited.
CVE-2024-32602	Updating...	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.3.1.
CVE-2024-32551	Updating...	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.71.

2024-04-17

CVE-2022-47151

Updating...

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk �?? Best Help Desk & Support Plugin.This issue affects JS Help Desk �?? Best Help Desk & Support Plugin: from n/a through 2.7.1.

2024-04-16

CVE-2024-1601

Updating...

An SQL injection vulnerability exists in the `delete_discussion()` function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the `/delete_discussion` endpoint, which internally calls the vulnerable `delete_discussion()` function. By sending a specially crafted payload in the 'id' parameter, an attacker can manipulate SQL queries to delete all records from the 'discussion' and 'message' tables. This issue is due to improper neutralization of special elements used in an SQL command.

2024-04-15

CVE-2024-3769	Updating...	A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /login.php. The manipulation of the argument id/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260616.
CVE-2024-3768	Updating...	A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1. This issue affects some unknown processing of the file search.php. The manipulation of the argument searchtitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260615.
CVE-2024-3767	Updating...	A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260614 is the identifier assigned to this vulnerability.
CVE-2024-32139	Updating...	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.12.
CVE-2024-32137	Updating...	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin User Activity Log Pro.This issue affects User Activity Log Pro: from n/a through 2.3.4.

16.04.2024

15.04.2024

15.04.2024

08.04.2024

08.04.2024

06.04.2024

30.03.2024

26.03.2024

20.03.2024

13.03.2024

11.03.2024

03.03.2024

01.03.2024

29.02.2024

28.02.2024

28.02.2024

27.02.2024

25.02.2024

07.02.2024

02.02.2024

22.01.2024

17.01.2024

13.01.2024

10.01.2024

24.12.2023

24.12.2023

08.11.2023

27.10.2023

16.10.2023

16.10.2023

16.10.2023

14.10.2023

11.10.2023

20.09.2023

20.09.2023

13.09.2023

13.09.2023

13.09.2023

10.09.2023

31.08.2023

26.08.2023

24.08.2023

23.08.2023

23.08.2023

23.08.2023

01.08.2023

21.07.2023

21.07.2023

21.07.2023

21.07.2023

06.07.2023

05.07.2023

05.07.2023

30.06.2023

25.06.2023

22.06.2023

22.06.2023

07.06.2023

30.05.2023

27.05.2023

27.05.2023

24.05.2023

24.05.2023

24.05.2023

21.05.2023

11.05.2023

10.05.2023

08.05.2023

03.05.2023

03.05.2023

30.04.2023

21.04.2023

10.04.2023

10.04.2023

06.04.2023