Search
Total
2383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0355 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2024-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250122 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-0359 | 1 Code-projects | 1 Simple Online Hotel Reservation System | 2024-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250126 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-0361 | 1 Phpgurukul | 1 Hospital Management System | 2024-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the file admin/contact.php. The manipulation of the argument mobnum leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250128. | |||||
| CVE-2024-0363 | 1 Phpgurukul | 1 Hospital Management System | 2024-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250130 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-0364 | 1 Phpgurukul | 1 Hospital Management System | 2024-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250131. | |||||
| CVE-2024-0360 | 1 Phpgurukul | 1 Hospital Management System | 2024-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250127. | |||||
| CVE-2024-0362 | 1 Phpgurukul | 1 Hospital Management System | 2024-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/change-password.php. The manipulation of the argument cpass leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250129 was assigned to this vulnerability. | |||||
| CVE-2023-26443 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 9.8 CRITICAL |
| Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single quotes for SQL FULLTEXT queries. No publicly available exploits are known. | |||||
| CVE-2023-6921 | 1 Prestashow | 1 Google Integrator | 2024-01-11 | N/A | 9.1 CRITICAL |
| Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies. | |||||
| CVE-2024-0301 | 1 Fhs-opensource | 1 Iparking | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. This vulnerability affects the function getData of the file src/main/java/com/xhb/pay/action/PayTempOrderAction.java. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249868. | |||||
| CVE-2023-52215 | 1 Ukrsolution | 1 Simple Inventory Management | 2024-01-11 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UkrSolution Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce.This issue affects Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce: from n/a through 1.5.1. | |||||
| CVE-2023-46953 | 1 Abocms | 1 Abo.cms | 2024-01-11 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module. | |||||
| CVE-2024-0267 | 1 Surajghosh | 1 Hospital Management System | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Kashipara Hospital Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Parameter Handler. The manipulation of the argument email/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249823. | |||||
| CVE-2024-0268 | 1 Surajghosh | 1 Hospital Management System | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Kashipara Hospital Management System up to 1.0. Affected by this issue is some unknown functionality of the file registration.php. The manipulation of the argument name/email/pass/gender/age/city leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249824. | |||||
| CVE-2024-0247 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-50027 | 1 Buy-addons | 1 Bazoom Magnifier | 2024-01-11 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() method. | |||||
| CVE-2023-49625 | 1 Kashipara | 1 Billing Software | 2024-01-10 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylist_edit_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49624 | 1 Kashipara | 1 Billing Software | 2024-01-10 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49622 | 1 Kashipara | 1 Billing Software | 2024-01-10 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'itemnameid' parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49633 | 1 Kashipara | 1 Billing Software | 2024-01-10 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49658 | 1 Kashipara | 1 Billing Software | 2024-01-10 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50753 | 1 Kashipara | 1 Online Notice Board System | 2024-01-10 | N/A | 9.8 CRITICAL |
| Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49665 | 1 Kashipara | 1 Billing Software | 2024-01-10 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49639 | 1 Kashipara | 1 Billing Software | 2024-01-10 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50752 | 1 Kashipara | 1 Online Notice Board System | 2024-01-10 | N/A | 9.8 CRITICAL |
| Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50743 | 1 Kashipara | 1 Online Notice Board System | 2024-01-10 | N/A | 9.8 CRITICAL |
| Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49666 | 1 Kashipara | 1 Billing System | 2024-01-10 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50862 | 1 Kashipara | 1 Travel Website | 2024-01-10 | N/A | 9.8 CRITICAL |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50867 | 1 Kashipara | 1 Travel Website | 2024-01-10 | N/A | 9.8 CRITICAL |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50864 | 1 Kashipara | 1 Travel Website | 2024-01-10 | N/A | 9.8 CRITICAL |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50866 | 1 Kashipara | 1 Travel Website | 2024-01-10 | N/A | 9.8 CRITICAL |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50865 | 1 Kashipara | 1 Travel Website | 2024-01-10 | N/A | 9.8 CRITICAL |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50863 | 1 Kashipara | 1 Travel Website | 2024-01-10 | N/A | 9.8 CRITICAL |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-28883 | 1 Cerebrate-project | 1 Cerebrate | 2024-01-09 | N/A | 9.8 CRITICAL |
| In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint. | |||||
| CVE-2023-5693 | 1 Martmbithi | 1 Internet Banking System | 2024-01-09 | N/A | 9.8 CRITICAL |
| A vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical. This issue affects some unknown processing of the file pages_reset_pwd.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243131. | |||||
| CVE-2016-15031 | 1 Php-login Project | 1 Php-login | 2024-01-09 | N/A | 9.8 CRITICAL |
| A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myusername leads to sql injection. The attack can be initiated remotely. Upgrading to version 2.0 is able to address this issue. The patch is identified as 0083ec652786ddbb81335ea20da590df40035679. It is recommended to upgrade the affected component. VDB-228022 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-6436 | 1 Ekolbilisim | 1 Web Sablonu Yazilimi | 2024-01-08 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ekol Informatics Website Template allows SQL Injection.This issue affects Website Template: through 20231215. | |||||
| CVE-2024-0182 | 1 Janobe | 1 Engineers Online Portal | 2024-01-08 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-249440. | |||||
| CVE-2023-4541 | 1 Ween | 1 Management Panel | 2024-01-08 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ween Software Admin Panel allows SQL Injection.This issue affects Admin Panel: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0288 | 1 Kashipara | 1 Food Management System | 2024-01-08 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Kashipara Food Management System 1.0. This affects an unknown part of the file rawstock_used_damaged_submit.php. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249849 was assigned to this vulnerability. | |||||
| CVE-2024-0290 | 1 Kashipara | 1 Food Management System | 2024-01-08 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Kashipara Food Management System 1.0. This issue affects some unknown processing of the file stock_edit.php. The manipulation of the argument item_type leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249851. | |||||
| CVE-2024-0289 | 1 Kashipara | 1 Food Management System | 2024-01-08 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Kashipara Food Management System 1.0. This vulnerability affects unknown code of the file stock_entry_submit.php. The manipulation of the argument itemype leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249850 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-0287 | 1 Kashipara | 1 Food Management System | 2024-01-08 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Kashipara Food Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file itemBillPdf.php. The manipulation of the argument printid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249848. | |||||
| CVE-2023-4674 | 1 Yaztekteknoloji | 1 E-commerce | 2024-01-08 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-50578 | 1 Mingsoft | 1 Mcms | 2024-01-08 | N/A | 9.8 CRITICAL |
| Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do. | |||||
| CVE-2023-7175 | 1 Campcodes | 1 Online College Library System | 2024-01-08 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Campcodes Online College Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/borrow_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249362 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-41543 | 1 Jeecg | 1 Jeecg Boot | 2024-01-05 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check. | |||||
| CVE-2023-41542 | 1 Jeecg | 1 Jeecg Boot | 2024-01-05 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component. | |||||
| CVE-2023-51423 | 1 Saleswonder | 1 Webinarignition | 2024-01-05 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition.This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition: from n/a through 3.05.0. | |||||
| CVE-2023-51469 | 1 Mestresdowp | 1 Checkout Mestres Wp | 2024-01-05 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mestres do WP Checkout Mestres WP.This issue affects Checkout Mestres WP: from n/a through 7.1.9.6. | |||||