8
CVE-2024-45084 - IBM Cognos Controller CSV injection
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection. An attacker could execute arbitrary commands on the system, caused by improper validation of file contents.
8.8
CVE-2024-52902 - IBM Cognos Controller information disclosure
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system.
6.9
CVE-2025-1464 - Baiyi Cloud Asset Management System admin.house.collect.php sql injection
A vulnerability, which was classified as critical, has been found in Baiyi Cloud Asset Management System up to 20250204. This issue affects some unknown processing of the file /wuser/admin.house.collect.php. The manipulation of the argument project_id leads to sql injection. The attack may be initiβ¦
7.5
CVE-2024-13534 - Small Package Quotes β Worldwide Express Edition <= 5.2.18 - Unauthenticated SQL Injection
The Small Package Quotes β Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 5.2.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation onβ¦
7.5
CVE-2024-13533 - Small Package Quotes β USPS Edition <= 1.3.5 - Unauthenticated SQL Injection
The Small Package Quotes β USPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes iβ¦
7.5
CVE-2024-13483 - LTL Freight Quotes β SAIA Edition <= 2.2.10 - Unauthenticated SQL Injection
The LTL Freight Quotes β SAIA Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 2.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing Sβ¦
7.5
CVE-2024-13491 - Small Package Quotes β For Customers of FedEx <= 4.3.1 - Unauthenticated SQL Injection
The Small Package Quotes β For Customers of FedEx plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on theβ¦
7.5
CVE-2024-13481 - LTL Freight Quotes β R+L Carriers Edition <= 3.3.4 - Unauthenticated SQL Injection
The LTL Freight Quotes β R+L Carriers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exiβ¦
7.5
CVE-2024-13485 - LTL Freight Quotes β ABF Freight Edition <= 3.3.7 - Unauthenticated SQL Injection
The LTL Freight Quotes β ABF Freight Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exisβ¦
7.5
CVE-2024-13479 - LTL Freight Quotes β SEFL Edition <= 3.2.4 - Unauthenticated SQL Injection
The LTL Freight Quotes β SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQβ¦