CVE-2024-33970

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-89
View all →

Vulnerability Description

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'studid' in '/candidate/controller.php' parameter.

Related Vulnerabilities

CVE-2007-10001

HIGH
CVSS:7.5(High)

A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is...

CWE-892007

CVE-2016-10556

HIGH
CVSS:7.5(High)

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres, SQLite, and Microsof...

CWE-892016

CVE-2016-20018

HIGH
CVSS:7.5(High)

Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.

CWE-892016

CVE-2016-6419

HIGH
CVSS:7.5(High)

SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485...

CWE-892016

CVE-2016-6616

HIGH
CVSS:7.5(High)

An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6...

CWE-892016

CVE-2016-7508

HIGH
CVSS:7.5(High)

Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 ...

CWE-892016