Search
Total
2383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33338 | 1 Phpgurukul | 1 Old Age Home Management System | 2023-11-14 | N/A | 9.8 CRITICAL |
| Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter. | |||||
| CVE-2021-26822 | 1 Phpgurukul | 1 Teachers Record Management System | 2023-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks. | |||||
| CVE-2022-36198 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | N/A | 9.8 CRITICAL |
| Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php | |||||
| CVE-2022-35156 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | N/A | 9.8 CRITICAL |
| Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php.. | |||||
| CVE-2023-42284 | 1 Tyk | 1 Tyk | 2023-11-14 | N/A | 9.8 CRITICAL |
| Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query. | |||||
| CVE-2022-2803 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Zoo Management System and classified as critical. This issue affects some unknown processing of the file /pages/animals.php. The manipulation of the argument class_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206249 was assigned to this vulnerability. | |||||
| CVE-2023-33478 | 1 Remoteclinic | 1 Remote Clinic | 2023-11-14 | N/A | 9.8 CRITICAL |
| RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php. | |||||
| CVE-2023-33479 | 1 Remoteclinic | 1 Remote Clinic | 2023-11-14 | N/A | 9.8 CRITICAL |
| RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file. | |||||
| CVE-2023-33481 | 1 Remoteclinic | 1 Remote Clinic | 2023-11-14 | N/A | 9.8 CRITICAL |
| RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php. | |||||
| CVE-2023-42283 | 1 Tyk | 1 Tyk | 2023-11-14 | N/A | 9.8 CRITICAL |
| Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query. | |||||
| CVE-2021-33470 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2023-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel. | |||||
| CVE-2020-23936 | 1 Phpgurukul | 1 Vehicle Parking Management System | 2023-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)". | |||||
| CVE-2021-46110 | 1 Phpgurukul | 1 Online Shopping Portal | 2023-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters. | |||||
| CVE-2020-5510 | 1 Phpgurukul | 1 Hostel Management System | 2023-11-14 | 10.0 HIGH | 9.8 CRITICAL |
| PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file. | |||||
| CVE-2022-24263 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter. | |||||
| CVE-2022-45373 | 1 Wp-slimstat | 1 Slimstat Analytics | 2023-11-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4. | |||||
| CVE-2022-46849 | 1 Weblizar | 1 Responsive Coming Soon \& Maintenance Mode | 2023-11-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page – Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9. | |||||
| CVE-2022-47428 | 1 Wpdevart | 1 Booking Calendar | 2023-11-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7. | |||||
| CVE-2022-47420 | 1 Adaplugin | 1 Accessibility Suite By Online Ada | 2023-11-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11. | |||||
| CVE-2022-46860 | 1 Kaizencoders | 1 Short Url | 2023-11-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaizenCoders Short URL allows SQL Injection.This issue affects Short URL: from n/a through 1.6.4. | |||||
| CVE-2022-47432 | 1 Kemalyazici | 1 Shortcode Imdb | 2023-11-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection.This issue affects Shortcode IMDB: from n/a through 6.0.8. | |||||
| CVE-2022-47430 | 1 Weblizar | 1 School Management - Education \& Learning Management | 2023-11-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection.This issue affects The School Management – Education & Learning Management: from n/a through 4.1. | |||||
| CVE-2023-45657 | 1 Posimyth | 1 Nexter | 2023-11-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection.This issue affects Nexter: from n/a through 2.0.3. | |||||
| CVE-2023-45830 | 1 Adaplugin | 1 Accessibility Suite By Online Ada | 2023-11-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11. | |||||
| CVE-2023-36529 | 1 Favethemes | 1 Houzez | 2023-11-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4. | |||||
| CVE-2023-25700 | 1 Themeum | 1 Tutor Lms | 2023-11-13 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10. | |||||
| CVE-2023-46981 | 1 Xxyopen | 1 Novel-plus | 2023-11-13 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list. | |||||
| CVE-2023-40922 | 1 Kerawen | 1 Kerawen | 2023-11-13 | N/A | 9.8 CRITICAL |
| kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent(). | |||||
| CVE-2023-25960 | 1 Zendrop | 1 Zendrop | 2023-11-13 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop – Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. | |||||
| CVE-2023-26015 | 1 Mappresspro | 1 Mappress Maps For Wordpress | 2023-11-13 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection.This issue affects MapPress Maps for WordPress: from n/a through 2.85.4. | |||||
| CVE-2023-41652 | 1 Carrcommunications | 1 Rsvpmaker | 2023-11-13 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6. | |||||
| CVE-2022-47588 | 1 Tipsandtricks-hq | 1 Simple Photo Gallery | 2023-11-13 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection.This issue affects Simple Photo Gallery: from n/a through v1.8.1. | |||||
| CVE-2023-34383 | 1 Wedevs | 1 Wp Project Manager | 2023-11-13 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0. | |||||
| CVE-2022-46818 | 1 Gopiplus | 1 Email Posts To Subscribers | 2023-11-13 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection.This issue affects Email posts to subscribers: from n/a through 6.2. | |||||
| CVE-2023-27605 | 1 Wp Reroute Email Project | 1 Wp Reroute Email | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection.This issue affects WP Reroute Email: from n/a through 1.4.6. | |||||
| CVE-2023-33924 | 1 Felixwelberg | 1 Sis Handball | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Felix Welberg SIS Handball allows SQL Injection.This issue affects SIS Handball: from n/a through 1.0.45. | |||||
| CVE-2023-35911 | 1 Creative-solutions | 1 Contact Form Generator | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0. | |||||
| CVE-2023-28748 | 1 Appjetty | 1 Copy Or Move Comments | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection.This issue affects Copy or Move Comments: from n/a through 5.0.4. | |||||
| CVE-2023-38382 | 1 Subscribe To Category Project | 1 Subscribe To Category | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection.This issue affects Subscribe to Category: from n/a through 2.7.4. | |||||
| CVE-2023-40207 | 1 Rednao | 1 Donations Made Easy - Smart Donations | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedNao Donations Made Easy – Smart Donations allows SQL Injection.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. | |||||
| CVE-2023-45001 | 1 Castos | 1 Seriously Simple Stats | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Castos Seriously Simple Stats allows SQL Injection.This issue affects Seriously Simple Stats: from n/a through 1.5.0. | |||||
| CVE-2023-41685 | 1 Ilghera | 1 Woocommerce Support System | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ilGhera Woocommerce Support System allows SQL Injection.This issue affects Woocommerce Support System: from n/a through 1.2.1. | |||||
| CVE-2023-40609 | 1 Rocklobster | 1 Contact Form 7 Custom Validation | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection.This issue affects Contact form 7 Custom validation: from n/a through 1.1.3. | |||||
| CVE-2023-45069 | 1 Total-soft | 1 Video Gallery | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery – Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3. | |||||
| CVE-2023-45074 | 1 Pagevisitcounter | 1 Advanced Page Visit Counter | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows SQL Injection.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 7.1.1. | |||||
| CVE-2023-45046 | 1 Pressference | 1 Pressference Exporter | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressference Pressference Exporter allows SQL Injection.This issue affects Pressference Exporter: from n/a through 1.0.3. | |||||
| CVE-2023-45055 | 1 Inspireui | 1 Mstore Api | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6. | |||||
| CVE-2023-46954 | 1 Relativity | 1 Relativityone | 2023-11-09 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter. | |||||
| CVE-2023-45346 | 1 Projectworlds | 1 Online Food Ordering Script | 2023-11-09 | N/A | 9.8 CRITICAL |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-45345 | 1 Projectworlds | 1 Online Food Ordering Script | 2023-11-09 | N/A | 9.8 CRITICAL |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||