Search
Total
2383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-10099 | 1 Codepeople | 1 Cp Appointment Calendar | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5 on WordPress. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It is possible to initiate the attack remotely. The patch is named e29a9cdbcb0f37d887dd302a05b9e8bf213da01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225351. | |||||
| CVE-2015-10100 | 1 Qurl | 1 Dynamic Widgets | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10 on WordPress. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.11 is able to address this issue. The identifier of the patch is d0a19c6efcdc86d7093b369bc9e29a0629e57795. It is recommended to upgrade the affected component. The identifier VDB-225353 was assigned to this vulnerability. | |||||
| CVE-2015-10097 | 1 Grinnellplans | 1 Grinnellplans | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability was found in grinnellplans-php up to 3.0. It has been declared as critical. Affected by this vulnerability is the function interface_disp_page/interface_disp_page of the file read.php. The manipulation leads to sql injection. The attack can be launched remotely. The identifier of the patch is 57e4409e19203a94495140ff1b5a697734d17cfb. It is recommended to apply a patch to fix this issue. The identifier VDB-223801 was assigned to this vulnerability. | |||||
| CVE-2014-125099 | 1 Themeist | 1 I Recommend This | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in I Recommend This Plugin up to 3.7.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the file dot-irecommendthis.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 058b3ef5c7577bf557557904a53ecc8599b13649. It is recommended to upgrade the affected component. The identifier VDB-226309 was assigned to this vulnerability. | |||||
| CVE-2014-125067 | 1 Curiosity Project | 1 Curiosity | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in corincerami curiosity. Affected by this vulnerability is an unknown functionality of the file app/controllers/image_controller.rb. The manipulation of the argument sol leads to sql injection. The patch is named d64fddd74ca72714e73f4efe24259ca05c8190eb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217639. | |||||
| CVE-2014-125074 | 1 Voyager Project | 1 Voyager | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to sql injection. The identifier of the patch is f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae. It is recommended to apply a patch to fix this issue. The identifier VDB-218005 was assigned to this vulnerability. | |||||
| CVE-2023-48084 | 1 Nagios | 1 Nagios Xi | 2023-12-19 | N/A | 9.8 CRITICAL |
| Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool. | |||||
| CVE-2023-40629 | 1 King-products | 1 Lms King Lite | 2023-12-19 | N/A | 9.8 CRITICAL |
| SQLi vulnerability in LMS Lite component for Joomla. | |||||
| CVE-2023-49708 | 1 Joomstar | 1 Starshop | 2023-12-19 | N/A | 9.8 CRITICAL |
| SQLi vulnerability in Starshop component for Joomla. | |||||
| CVE-2023-49707 | 1 Joomlart | 1 S5 Register | 2023-12-19 | N/A | 9.8 CRITICAL |
| SQLi vulnerability in S5 Register module for Joomla. | |||||
| CVE-2023-6655 | 1 Hrp2000 | 1 E-hr | 2023-12-19 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument parentid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247358 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-48925 | 1 Buy-addons | 1 Bavideotab | 2023-12-18 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run(). | |||||
| CVE-2023-46348 | 1 Sunnytoo | 1 Sturls | 2023-12-18 | N/A | 9.8 CRITICAL |
| SQL njection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods. | |||||
| CVE-2023-49581 | 1 Sap | 1 Netweaver Application Server Abap | 2023-12-18 | N/A | 9.4 CRITICAL |
| SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability. | |||||
| CVE-2023-50073 | 1 Leadscloud | 1 Empirecms | 2023-12-18 | N/A | 9.8 CRITICAL |
| EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php. | |||||
| CVE-2023-50563 | 1 Sem-cms | 1 Semcms | 2023-12-18 | N/A | 9.8 CRITICAL |
| Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php. | |||||
| CVE-2023-40921 | 1 Common-services | 1 Soliberte | 2023-12-18 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters. | |||||
| CVE-2023-6765 | 1 Mayurik | 1 Online Tours \& Travels Management System | 2023-12-18 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects the function prepare of the file email_setup.php. The manipulation of the argument name leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247895. | |||||
| CVE-2023-6771 | 1 Oretnom23 | 1 Simple Student Attendance System | 2023-12-18 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in SourceCodester Simple Student Attendance System 1.0. This issue affects the function save_attendance of the file actions.class.php. The manipulation of the argument sid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247907. | |||||
| CVE-2023-46727 | 1 Glpi-project | 1 Glpi | 2023-12-18 | N/A | 9.8 CRITICAL |
| GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory. | |||||
| CVE-2023-49363 | 1 Rockoa | 1 Rockoa | 2023-12-18 | N/A | 9.8 CRITICAL |
| Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php. | |||||
| CVE-2023-6053 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Tongda OA 2017 up to 11.9. Affected by this issue is some unknown functionality of the file general/system/censor_words/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-244874 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6052 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. Affected is an unknown function of the file general/system/censor_words/module/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-244872. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5780 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Tongda OA 2017 11.10. This vulnerability affects unknown code of the file general/system/approve_center/flow_guide/flow_type/set_print/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-4166 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in Tongda OA and classified as critical. This vulnerability affects unknown code of the file general/system/seal_manage/dianju/delete_log.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-236182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-23902 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter. | |||||
| CVE-2023-5261 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/staff_title_evaluation/delete.php. The manipulation of the argument EVALUATION_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240870 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-4165 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Tongda OA. This affects an unknown part of the file general/system/seal_manage/iweboffice/delete_seal.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-236181 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6054 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/manage/lock.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244875. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5682 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/training/record/delete.php. The manipulation of the argument RECORD_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-243058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5267 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/hr_pool/delete.php. The manipulation of the argument EXPERT_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-240880. | |||||
| CVE-2022-24206 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter. | |||||
| CVE-2023-6084 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/vehicle/checkup/delete.php. The manipulation of the argument VU_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-244994 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5019 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Tongda OA. This vulnerability affects unknown code of the file general/hr/manage/staff_reinstatement/delete.php. The manipulation of the argument REINSTATEMENT_ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-239860. | |||||
| CVE-2023-5782 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /manage/delete_query.php of the component General News. The manipulation of the argument NEWS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243588. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5265 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Tongda OA 2017. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_transfer/delete.php. The manipulation of the argument TRANSFER_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240878 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-5781 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Tongda OA 2017 11.10. This issue affects the function DELETE_STR of the file general/system/res_manage/monitor/delete_webmail.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243587. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6647 | 1 Amttgroup | 1 Hibos | 2023-12-14 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in AMTT HiBOS 1.0. Affected by this issue is some unknown functionality. The manipulation of the argument Type leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247340. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-50429 | 1 Izybat | 1 Orange Casiers | 2023-12-14 | N/A | 9.1 CRITICAL |
| IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensemble SQL injection. | |||||
| CVE-2023-6658 | 1 Oretnom23 | 1 Simple Student Attendance System | 2023-12-13 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0. This vulnerability affects unknown code of the file ajax-api.php?action=save_attendance. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247366 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-6657 | 1 Oretnom23 | 1 Simple Student Attendance System | 2023-12-13 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Simple Student Attendance System 1.0. This affects an unknown part of the file /modals/student_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-247365 was assigned to this vulnerability. | |||||
| CVE-2023-6648 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2023-12-13 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247341 was assigned to this vulnerability. | |||||
| CVE-2023-6652 | 1 Carmelogarcia | 1 Matrimonial Site | 2023-12-13 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Matrimonial Site 1.0. It has been declared as critical. Affected by this vulnerability is the function register of the file /register.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247345 was assigned to this vulnerability. | |||||
| CVE-2023-6651 | 1 Carmelogarcia | 1 Matrimonial Site | 2023-12-13 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Matrimonial Site 1.0. It has been classified as critical. Affected is an unknown function of the file /auth/auth.php?user=1. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247344. | |||||
| CVE-2023-6579 | 1 Oscommerce | 1 Oscommerce | 2023-12-12 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-247160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6617 | 1 Oretnom23 | 1 Simple Student Attendance System | 2023-12-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as critical. Affected is an unknown function of the file attendance.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247254 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-6619 | 1 Oretnom23 | 1 Simple Student Attendance System | 2023-12-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /modals/class_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247256. | |||||
| CVE-2023-6581 | 1 Dlink | 2 Dar-7000, Dar-7000 Firmware | 2023-12-12 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in D-Link DAR-7000 up to 20231126 and classified as critical. This vulnerability affects unknown code of the file /user/inc/workidajax.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5008 | 1 Imsurajghosh | 1 Student Information System | 2023-12-11 | N/A | 9.8 CRITICAL |
| Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. | |||||
| CVE-2023-46353 | 1 Mypresta | 1 Product Tag Icons Pro | 2023-12-09 | N/A | 9.8 CRITICAL |
| In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||