Total: 2383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34545 | 1 Cskaza | 1 Cszcms | 2023-08-11 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL. | |||||
| CVE-2023-3522 | 1 A2technology | 1 License Portal System | 2023-08-11 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection. This issue affects License Portal System: before 1.48. | |||||
| CVE-2023-3386 | 1 A2technology | 1 Camera Trap Tracking System | 2023-08-11 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 Camera Trap Tracking System allows SQL Injection. This issue affects Camera Trap Tracking System: before 3.1905. | |||||
| CVE-2023-4193 | 1 Resort Reservation System Project | 1 Resort Reservation System | 2023-08-10 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Resort Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_fee.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236236. | |||||
| CVE-2023-4201 | 1 Mayurik | 1 Inventory Management System | 2023-08-10 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file ex_catagory_data.php. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236291. | |||||
| CVE-2023-4200 | 1 Mayurik | 1 Inventory Management System | 2023-08-10 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file product_data.php. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236290 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-3717 | 1 Farmakom | 1 Remote Administration Console | 2023-08-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection. This issue affects Remote Administration Console: before 1.02. | |||||
| CVE-2023-37372 | 1 Siemens | 1 Ruggedcom Crossbow | 2023-08-10 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database. | |||||
| CVE-2023-3898 | 1 Mayanets | 1 E-commerce | 2023-08-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 1.1. | |||||
| CVE-2023-39524 | 1 Prestashop | 1 Prestashop | 2023-08-10 | N/A | 9.8 CRITICAL |
| PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection is possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | |||||
| CVE-2023-37682 | 1 Judging Management System Project | 1 Judging Management System | 2023-08-10 | N/A | 9.8 CRITICAL |
| Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-jms/deductScores.php. | |||||
| CVE-2023-3716 | 1 Oduyo | 1 Online Collection | 2023-08-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Online Collection Software allows SQL Injection. This issue affects Online Collection Software: before 1.0.1. | |||||
| CVE-2023-39526 | 1 Prestashop | 1 Prestashop | 2023-08-09 | N/A | 9.8 CRITICAL |
| PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds. | |||||
| CVE-2023-4185 | 1 Mayurik | 1 Online Hospital Management System | 2023-08-09 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Online Hospital Management System 1.0. It has been classified as critical. Affected is an unknown function of the file patientlogin.php. The manipulation of the argument loginid/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236220. | |||||
| CVE-2023-4192 | 1 Resort Reservation System Project | 1 Resort Reservation System | 2023-08-09 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in SourceCodester Resort Reservation System 1.0. This affects an unknown part of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236235. | |||||
| CVE-2023-34476 | 1 Mooj | 1 Proforms | 2023-08-09 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
| CVE-2023-34477 | 1 Braincert | 1 Virtual Classroom | 2023-08-09 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
| CVE-2023-23757 | 1 Bestaddon | 1 Bestaddon Gallery | 2023-08-09 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
| CVE-2023-23758 | 1 Creative-solutions | 1 Creative Gallery | 2023-08-09 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
| CVE-2023-38044 | 1 Hikashop | 1 Hikashop | 2023-08-09 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
| CVE-2023-33367 | 1 Assaabloy | 1 Control Id Idsecure | 2023-08-09 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution. | |||||
| CVE-2023-4176 | 1 Hospital Management System Project | 1 Hospital Management System | 2023-08-09 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file appointmentapproval.php. The manipulation of the argument time leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236211. | |||||
| CVE-2023-4179 | 1 Mayurik | 1 Free Hospital Management System For Small Practices | 2023-08-09 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected is an unknown function of the file /vm/doctor/doctors.php?action=view. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-236214 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-4180 | 1 Mayurik | 1 Free Hospital Management System For Small Practices | 2023-08-09 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file /vm/login.php. The manipulation of the argument useremail/userpassword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236215. | |||||
| CVE-2023-4182 | 1 Inventory Management System Project | 1 Inventory Management System | 2023-08-09 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file edit_sell.php. The manipulation of the argument up_pid leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-236217 was assigned to this vulnerability. | |||||
| CVE-2023-4184 | 1 Inventory Management System Project | 1 Inventory Management System | 2023-08-09 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file sell_return.php. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-236219. | |||||
| CVE-2023-4188 | 1 Instantcms | 1 Instantcms | 2023-08-09 | N/A | 9.1 CRITICAL |
| SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | |||||
| CVE-2023-36213 | 1 Motocms | 1 Motocms | 2023-08-08 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function. | |||||
| CVE-2023-33666 | 1 Ai-dev | 1 Aioptimizedcombinations | 2023-08-08 | N/A | 9.8 CRITICAL |
| ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | |||||
| CVE-2023-33665 | 1 Ai-dev | 1 Ai-table | 2023-08-08 | N/A | 9.8 CRITICAL |
| ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | |||||
| CVE-2023-38954 | 1 Zkteco | 1 Bioaccess Ivs | 2023-08-07 | N/A | 9.8 CRITICAL |
| ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2022-4557 | 1 Gruparge | 1 Smartpower | 2023-08-05 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. | |||||
| CVE-2023-34635 | 1 Wifi-soft | 1 Unibox Administration | 2023-08-04 | N/A | 9.8 CRITICAL |
| Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page. | |||||
| CVE-2023-37771 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-08-04 | N/A | 9.8 CRITICAL |
| Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php. | |||||
| CVE-2023-39122 | 1 Bmc | 1 Control-m | 2023-08-04 | N/A | 9.8 CRITICAL |
| BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200). | |||||
| CVE-2023-37647 | 1 Sem-cms | 1 Semcms | 2023-08-04 | N/A | 9.8 CRITICAL |
| SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php. | |||||
| CVE-2020-21662 | 1 Yunyecms | 1 Yunyecms | 2023-08-03 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF. | |||||
| CVE-2023-38992 | 1 Jeecg | 1 Jeecg Boot | 2023-08-03 | N/A | 9.8 CRITICAL |
| jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData. | |||||
| CVE-2023-3987 | 1 Simple Online Mens Salon Management System Project | 1 Simple Online Mens Salon Management System | 2023-08-03 | N/A | N/A |
| A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage_user&id=3. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235608. | |||||
| CVE-2023-3988 | 1 Cafe Billing System Project | 1 Cafe Billing System | 2023-08-03 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Cafe Billing System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Order Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235609 was assigned to this vulnerability. | |||||
| CVE-2023-26859 | 1 Brevo | 1 Brevo | 2023-08-02 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allows a remote attacker to gain privileges via the ajaxOrderTracking.php component. | |||||
| CVE-2023-2601 | 1 Wp Brutal Ai Project | 1 Wp Brutal Ai | 2023-08-02 | N/A | 9.8 CRITICAL |
| The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF. | |||||
| CVE-2023-35088 | 1 Apache | 1 Inlong | 2023-08-02 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. In the toAuditCkSql method, the groupId, streamId, auditId, and dt are directly concatenated into the SQL query statement, which may lead to SQL injection attacks. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8198 | |||||
| CVE-2023-37258 | 1 Dataease | 1 Dataease | 2023-08-01 | N/A | 9.8 CRITICAL |
| DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds. | |||||
| CVE-2023-30151 | 1 Prestashop | 1 Prestashop | 2023-08-01 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter. | |||||
| CVE-2023-37165 | 1 Millhouse-project Project | 1 Millhouse-project | 2023-07-31 | N/A | 9.8 CRITICAL |
| Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via the component /add_post_sql.php. | |||||
| CVE-2023-3854 | 1 Phpscriptpoint | 1 Bloodbank | 2023-07-31 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in phpscriptpoint BloodBank 1.1. Affected is an unknown function of the file /search of the component POST Parameter Handler. The manipulation of the argument country/city/blood_group_id leads to sql injection. It is possible to launch the attack remotely. VDB-235206 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-35066 | 1 Infodrom | 1 E-invoice Approval System | 2023-07-31 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection. This issue affects E-Invoice Approval System: before v.20230701. | |||||
| CVE-2023-3046 | 1 Biltay | 1 Scienta | 2023-07-31 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection. This issue affects Scienta: before 20230630.1953. | |||||
| CVE-2023-3859 | 1 Phpscriptpoint | 1 Car Listing | 2023-07-31 | N/A | 9.8 CRITICAL |
| A vulnerability was found in phpscriptpoint Car Listing 1.6 and classified as critical. This issue affects some unknown processing of the file /search.php of the component GET Parameter Handler. The manipulation of the argument brand_id/model_id/car_condition/car_category_id/body_type_id/fuel_type_id/transmission_type_id/year/mileage_start/mileage_end/country/state/city leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235211. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
