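CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) — Vulnerability Class 8881

8881 vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')). AI Chinese analysis included.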

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-1173 | WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting <= 1.13.1 - Authenticated (AccountingManager+) SQL Injection — ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support | 7.2 | High | 2024-05-02 |
| CVE-2024-2661 | Barcode Scanner with Inventory & Order Manager <= 1.5.4 - Authenticated (Subscriber+) SQL Injection — Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) | 8.8 | High | 2024-05-02 |
| CVE-2024-2831 | Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode — Calendar | 8.8 | High | 2024-05-02 |
| CVE-2024-33911 | WordPress The School Management Pro plugin <= 10.3.4 - SQL Injection vulnerability — School Management Pro | 7.6 | High | 2024-05-02 |
| CVE-2024-4309 | SQL injection vulnerability in HubBank — HubBank | 8.1 | High | 2024-04-29 |
| CVE-2024-4307 | SQL injection vulnerability in HubBank — HubBank | 8.1 | High | 2024-04-29 |
| CVE-2024-4308 | SQL injection vulnerability in HubBank — HubBank | 8.1 | High | 2024-04-29 |
| CVE-2024-33544 | WordPress WZone plugin <= 14.0.10 - Unauthenticated SQL Injection vulnerability — WZone | 9.3 | Critical | 2024-04-29 |
| CVE-2024-33546 | WordPress WZone plugin <= 14.0.10 - Arbitrary SQL Update Execution vulnerability — WZone | 9.6 | Critical | 2024-04-29 |
| CVE-2024-33551 | WordPress XStore Core plugin <= 5.3.5 - Unauthenticated SQL Injection vulnerability — XStore Core | 9.3 | Critical | 2024-04-29 |
| CVE-2024-33559 | WordPress XStore theme <= 9.3.5 - Unauthenticated SQL Injection vulnerability — XStore | 9.3 | Critical | 2024-04-29 |
| CVE-2024-4257 | BlueNet Technology Clinical Browsing System deleteStudy.php sql injection — Clinical Browsing System | 6.3 | Medium | 2024-04-27 |
| CVE-2024-3342 | Timetable and Event Schedule by MotoPress <= 2.4.11 - Authenticated (Contributor+) SQL Injection — Timetable and Event Schedule by MotoPress | 9.9 | Critical | 2024-04-27 |
| CVE-2024-32872 | Umbraco Workflow's Backoffice users can execute arbitrary SQL — Umbraco.Workflow.Issues | 5.5 | Medium | 2024-04-24 |
| CVE-2024-32706 | WordPress ARForms plugin <= 6.4 - Subscriber+ SQL Injection vulnerability — ARForms | 8.5 | High | 2024-04-24 |
| CVE-2024-32709 | WordPress WP-Recall plugin <= 16.26.5 - SQL Injection vulnerability — WP-Recall | 9.3 | Critical | 2024-04-24 |
| CVE-2024-32710 | WordPress WP-Recall plugin <= 16.26.5 - SQL Injection vulnerability — WP-Recall | 8.5 | High | 2024-04-24 |
| CVE-2024-4093 | SourceCodester Simple Subscription Website view_application.php sql injection — Simple Subscription Website | 6.3 | Medium | 2024-04-24 |
| CVE-2024-4071 | Kashipara Online Furniture Shopping Ecommerce Website prodInfo.php sql injection — Online Furniture Shopping Ecommerce Website | 6.3 | Medium | 2024-04-23 |
| CVE-2024-4070 | Kashipara Online Furniture Shopping Ecommerce Website prodList.php sql injection — Online Furniture Shopping Ecommerce Website | 6.3 | Medium | 2024-04-23 |
| CVE-2024-4069 | Kashipara Online Furniture Shopping Ecommerce Website search.php sql injection — Online Furniture Shopping Ecommerce Website | 6.3 | Medium | 2024-04-23 |
| CVE-2024-3293 | rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode — rtMedia for WordPress, BuddyPress and bbPress | 8.8 | High | 2024-04-23 |
| CVE-2024-32480 | LibreNMS's Time-Based Blind SQL injection leads to database extraction — librenms | 7.2 | High | 2024-04-22 |
| CVE-2024-32461 | LibreNMS vulnerable to time-based SQL injection that leads to database extraction — librenms | 7.1 | High | 2024-04-22 |
| CVE-2024-32551 | WordPress SP Project & Document Manage plugin <= 4.71 - Auth. SQL Injection vulnerability — SP Project & Document Manager | 7.6 | High | 2024-04-18 |
| CVE-2024-32602 | WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.3.1 - SQL Injection vulnerability — WooCommerce Multilingual & Multicurrency | 7.6 | High | 2024-04-18 |
| CVE-2024-29001 | SolarWinds Platform SWQL Injection Vulnerability — SolarWinds Platform | 7.5 | High | 2024-04-18 |
| CVE-2022-47151 | WordPress JS Help Desk plugin <= 2.7.1 - Unauth. SQL Injection Vulnerability — JS Help Desk – Best Help Desk & Support Plugin | 8.6 | High | 2024-04-17 |
| CVE-2024-3067 | WooCommerce Google Feed Manager <= 2.4.2 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting — WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping | 7.2 | High | 2024-04-16 |
| CVE-2024-1601 | SQL Injection in parisneo/lollms-webui — parisneo/lollms-webui | 7.5 | - | 2024-04-16 |

Vulnerabilities classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) represent 8881 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.