
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8881

8881 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-6728 | itsourcecode Tailoring Management System typeedit.php sql injection — Tailoring Management System | 6.3 | Medium | 2024-07-14 |
| CVE-2024-39909 | SQL Injection in the KubeClarity REST API — kubeclarity | 6.5 | Medium | 2024-07-12 |
| CVE-2024-37564 | WordPress PayPlus Payment Gateway plugin <= 7.0.7 - SQL Injection vulnerability — PayPlus Payment Gateway | 8.5 | High | 2024-07-12 |
| CVE-2024-37933 | WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated SQL Injection vulnerability — Woocommerce OpenPos | 9.3 | Critical | 2024-07-12 |
| CVE-2024-5325 | Form Vibes <= 1.4.10 - Authenticated (Subscriber+) SQL Injection via fv_export_data — Form Vibes – Database Manager for Forms | 8.8 | High | 2024-07-12 |
| CVE-2024-6353 | Wallet for WooCommerce <= 1.5.4 - Authenticated (Subscriber+) SQL Injection via 'search[value]' — Wallet for WooCommerce | 8.8 | High | 2024-07-12 |
| CVE-2024-6681 | witmy my-springsecurity-plus dept sql injection — my-springsecurity-plus | 6.3 | Medium | 2024-07-11 |
| CVE-2024-6680 | witmy my-springsecurity-plus build sql injection — my-springsecurity-plus | 6.3 | Medium | 2024-07-11 |
| CVE-2024-6679 | witmy my-springsecurity-plus role sql injection — my-springsecurity-plus | 6.3 | Medium | 2024-07-11 |
| CVE-2024-6666 | WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection via vendor_id — ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support | 8.8 | High | 2024-07-11 |
| CVE-2024-6676 | witmy my-springsecurity-plus user sql injection — my-springsecurity-plus | 6.3 | Medium | 2024-07-11 |
| CVE-2024-6653 | code-projects Simple Task List Login loginForm.php sql injection — Simple Task List | 7.3 | High | 2024-07-11 |
| CVE-2024-6652 | itsourcecode Gym Management System manage_member.php sql injection — Gym Management System | 6.3 | Medium | 2024-07-10 |
| CVE-2024-37148 | GLPI allows account takeover via SQL Injection in AJAX scripts — glpi | 8.1 | High | 2024-07-10 |
| CVE-2024-5792 | Houzez CRM <= 1.4.2 - Authenticated (Seller+) SQL Injection — Houzez CRM | 8.8 | High | 2024-07-10 |
| CVE-2024-6527 | SQL Injection in MegaBIP — MegaBIP | 9.1 (AI) | Critical (AI) | 2024-07-09 |
| CVE-2024-37090 | SQL Injection vulnerability in multiple StylemixThemes premium themes — Masterstudy Elementor Widgets | 8.5 | High | 2024-07-09 |
| CVE-2024-37112 | WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Arbitrary SQL Query Execution vulnerability — WishList Member X | 10.0 | Critical | 2024-07-09 |
| CVE-2024-37225 | WordPress Zoho Marketing Automation plugin <= 1.2.7 - SQL Injection vulnerability — Zoho Marketing Automation | 8.5 | High | 2024-07-09 |
| CVE-2024-37256 | WordPress Tutor LMS plugin <= 2.7.1 - SQL Injection vulnerability — Tutor LMS | 7.6 | High | 2024-07-09 |
| CVE-2024-37486 | WordPress Paid Memberships Pro plugin <= 3.0.5 - Authenticated SQL Injection vulnerability — Paid Memberships Pro | 7.6 | High | 2024-07-09 |
| CVE-2024-37494 | WordPress Youzify plugin <= 1.2.5 - SQL Injection vulnerability — Youzify | 8.5 | High | 2024-07-09 |
| CVE-2024-3604 | OSM – OpenStreetMap <= 6.0.3 - Authenticated (Contributor+) SQL Injection — OSM – OpenStreetMap | 9.9 | Critical | 2024-07-09 |
| CVE-2024-6166 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Time-Based SQL Injection — Unlimited Elements For Elementor | 8.8 | High | 2024-07-09 |
| CVE-2024-5793 | Houzez Theme - Functionality <= 3.2.2 - Authenticated (Seller+) SQL Injection — Houzez Theme - Functionality | 8.8 | High | 2024-07-09 |
| CVE-2024-39677 | NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities — nhibernate-core | 5.9 | Medium | 2024-07-08 |
| CVE-2024-5753 | Local File Read (LFI) by Prompt Injection via Postgres SQL in vanna-ai/vanna — vanna-ai/vanna | 9.1 (AI) | Critical (AI) | 2024-07-05 |
| CVE-2024-6471 | SourceCodester Online Tours & Travels Management sms_setting.php sql injection — Online Tours & Travels Management | 6.3 | Medium | 2024-07-03 |
| CVE-2024-6453 | itsourcecode Farm Management System sql injection — Farm Management System | 6.3 | Medium | 2024-07-02 |
| CVE-2024-6452 | linlinjava litemall AdminGoodscontroller.java sql injection — litemall | 6.3 | Medium | 2024-07-02 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8881 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.