CVE-2024-13726

CVSS v3 Score
8.6
High

Vulnerability Description

The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

CVSS: 8.6 (High)

SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbitr...

CWE-89, 2016
CVSS: 8.6 (High)

In GLPI before version 9.5.2, when supplying a backtick in input that gets put into a SQL query, the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulner...

CWE-89, 2020
CVSS: 8.6 (High)

An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use...

CWE-89, 2022
CVSS: 8.6 (High)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best...

CWE-89, 2022
CVSS: 8.6 (High)

SQL injection vulnerability in Dynamic Lab Management System Project in PHP v.1.0 allows a remote attacker to execute arbitrary code via a crafted script.

CWE-89, 2024
CVSS: 8.6 (High)

Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "request" parameter in admin/fetch_gendercs.php.

CWE-89, 2024