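CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8881

8881 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.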

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-3549 | Blog2Social: Social Media Auto Post & Scheduler <= 7.4.1 - Authenticated (Subscriber+) SQL Injection — Blog2Social: Social Media Auto Post & Scheduler | 9.9 | Critical | 2024-06-11 |
| CVE-2024-36412 | SuiteCRM unauthenticated SQL Injection — SuiteCRM | 10.0 | Critical | 2024-06-10 |
| CVE-2024-36411 | SuiteCRM authenticated SQL Injection in EmailUIAjax displayView controller — SuiteCRM | 9.6 | Critical | 2024-06-10 |
| CVE-2024-36410 | SuiteCRM authenticated SQL Injection in EmailUIAjax messages count controller — SuiteCRM | 9.6 | Critical | 2024-06-10 |
| CVE-2024-36409 | SuiteCRM authenticated SQL Injection in TreeData entrypoint — SuiteCRM | 9.6 | Critical | 2024-06-10 |
| CVE-2024-36408 | SuiteCRM authenticated SQL Injection in Alerts — SuiteCRM | 9.6 | Critical | 2024-06-10 |
| CVE-2024-35305 | Unauth Time-Based SQL Injection via API — Pandora FMS | 9.8 | - | 2024-06-10 |
| CVE-2024-5775 | SourceCodester Vehicle Management System updatebill.php sql injection — Vehicle Management System | 6.3 | Medium | 2024-06-09 |
| CVE-2024-5774 | SourceCodester Stock Management System Login index.php sql injection — Stock Management System | 7.3 | High | 2024-06-09 |
| CVE-2024-5773 | Netentsec NS-ASG Application Security Gateway deletemacbind.php sql injection — NS-ASG Application Security Gateway | 6.3 | Medium | 2024-06-09 |
| CVE-2024-5772 | Netentsec NS-ASG Application Security Gateway deleteiscuser.php sql injection — NS-ASG Application Security Gateway | 6.3 | Medium | 2024-06-09 |
| CVE-2024-5771 | LabVantage LIMS POST Request sql injection — LIMS | 6.3 | Medium | 2024-06-08 |
| CVE-2024-35678 | WordPress Contact Form to DB by BestWebSoft plugin <= 1.7.2 - SQL Injection vulnerability — Contact Form to DB by BestWebSoft | 8.5 | High | 2024-06-08 |
| CVE-2024-35736 | WordPress Visualizer plugin <= 3.11.1 - SQL Injection vulnerability — Visualizer | 8.5 | High | 2024-06-08 |
| CVE-2024-35750 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - SQL Injection vulnerability — Responsive Image Gallery, Gallery Album | 8.5 | High | 2024-06-08 |
| CVE-2024-5733 | itsourcecode Online Discussion Forum register_me.php sql injection — Online Discussion Forum | 7.3 | High | 2024-06-07 |
| CVE-2024-3592 | Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress <= 9.0.1 - Authenticated (Contributor+) SQL Injection — Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | 9.9 | Critical | 2024-06-07 |
| CVE-2024-4902 | Tutor LMS – eLearning and online course solution <= 2.7.1 -Authenticated (Administrator+) SQL Injection — Tutor LMS – eLearning and online course solution | 7.2 | High | 2024-06-07 |
| CVE-2024-4890 | Blind SQL Injection in berriai/litellm — berriai/litellm | 7.5 AI | High AI | 2024-06-06 |
| CVE-2024-5225 | SQL Injection in berriai/litellm — berriai/litellm | 9.8 AI | Critical AI | 2024-06-06 |
| CVE-2024-5329 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter — Unlimited Elements For Elementor | 8.8 | High | 2024-06-06 |
| CVE-2024-36393 | SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') — SysAid | 9.9 | Critical | 2024-06-06 |
| CVE-2024-5653 | Chanjet Smooth T+system keyEdit.aspx sql injection — Smooth T+system | 7.3 | High | 2024-06-05 |
| CVE-2024-4743 | LifterLMS – WordPress LMS Plugin for eLearning <= 7.6.2 - Authenticated (Contributor+) SQL Injection via Shortcode — LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes | 8.8 | High | 2024-06-05 |
| CVE-2024-4295 | Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | 9.8 | Critical | 2024-06-05 |
| CVE-2024-5636 | itsourcecode Bakery Online Ordering System index.php sql injection — Bakery Online Ordering System | 6.3 | Medium | 2024-06-05 |
| CVE-2024-5635 | itsourcecode Bakery Online Ordering System index.php sql injection — Bakery Online Ordering System | 6.3 | Medium | 2024-06-04 |
| CVE-2024-28996 | SolarWinds Platform SWQL Injection Vulnerability — SolarWinds Platform | 7.5 | High | 2024-06-04 |
| CVE-2024-35630 | WordPress WP TripAdvisor Review Slider plugin <= 12.6 - SQL Injection vulnerability — WP TripAdvisor Review Slider | 7.6 | High | 2024-06-03 |
| CVE-2024-5311 | DigiWin EasyFlow .NET - SQL Injection — EasyFlow .NET | 9.8 | Critical | 2024-06-03 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8881 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.