Total: 1733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28491 | 1 Tribulant | 1 Slideshow Gallery | 2023-12-27 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE. This issue affects Slideshow Gallery LITE: from n/a through 1.7.6. | |||||
| CVE-2023-33209 | 1 Crawlspider | 1 Seo Change Monitor | 2023-12-26 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CrawlSpider SEO Change Monitor – Track Website Changes. This issue affects SEO Change Monitor – Track Website Changes: from n/a through 1.2. | |||||
| CVE-2023-33330 | 1 Woocommerce | 1 Automatewoo | 2023-12-26 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.50. | |||||
| CVE-2023-49825 | 1 Pencidesign | 1 Soledad | 2023-12-26 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1. | |||||
| CVE-2023-30495 | 1 Themefic | 1 Ultimate Addons For Contact Form 7 | 2023-12-26 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Ultimate Addons for Contact Form 7. This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.1.23. | |||||
| CVE-2023-30750 | 1 Cminds | 1 Cm Popup | 2023-12-26 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress. This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10. | |||||
| CVE-2022-4278 | 1 Oretnom23 | 1 Human Resource Management System | 2023-12-26 | N/A | 7.2 HIGH |
| A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775. | |||||
| CVE-2022-43318 | 1 Oretnom23 | 1 Human Resource Management System | 2023-12-26 | N/A | 8.8 HIGH |
| Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php. | |||||
| CVE-2023-36189 | 1 Langchain | 1 Langchain | 2023-12-26 | N/A | 7.5 HIGH |
| SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component. | |||||
| CVE-2023-29597 | 1 Bloofox | 1 Bloofoxcms | 2023-12-22 | N/A | 8.8 HIGH |
| bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1. | |||||
| CVE-2022-43457 | 1 Deltaww | 1 Diaenergie | 2023-12-22 | N/A | 8.8 HIGH |
| SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
| CVE-2023-49764 | 1 Sigmaplugin | 1 Advanced Database Cleaner | 2023-12-22 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Younes JFR. Advanced Database Cleaner. This issue affects Advanced Database Cleaner: from n/a through 3.1.2. | |||||
| CVE-2023-48741 | 1 Quantumcloud | 1 Ai Chatbot | 2023-12-22 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot. This issue affects AI ChatBot: from n/a through 4.7.8. | |||||
| CVE-2023-47852 | 1 Linkwhisper | 1 Link Whisper Free | 2023-12-22 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Link Whisper Link Whisper Free. This issue affects Link Whisper Free: from n/a through 0.6.5. | |||||
| CVE-2023-31092 | 1 Foxskav | 1 Easy Bet | 2023-12-22 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Foxskav Easy Bet. This issue affects Easy Bet: from n/a through 1.0.2. | |||||
| CVE-2023-32128 | 1 Adastracrypto | 1 Cryptocurrency Payment & Donation Box | 2023-12-22 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free. This issue affects Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free: from n/a through 2.2.7. | |||||
| CVE-2023-34168 | 1 Esiteq | 1 Wp Report Post | 2023-12-22 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Raven WP Report Post allows SQL Injection. This issue affects WP Report Post: from n/a through 2.1.2. | |||||
| CVE-2023-33331 | 1 Woo | 1 Product Vendors | 2023-12-22 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection. This issue affects Product Vendors: from n/a through 2.1.76. | |||||
| CVE-2023-47506 | 1 Masterslider | 1 Master Slider | 2023-12-22 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Master slider Master Slider Pro allows SQL Injection. This issue affects Master Slider Pro: from n/a through 3.6.5. | |||||
| CVE-2023-47530 | 1 Wpvibes | 1 Redirect 404 Error Page To Homepage Or Custom Page With Logs | 2023-12-22 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection. This issue affects Redirect 404 Error Page to Homepage or Custom Page with Logs: from n/a through 1.8.7. | |||||
| CVE-2023-31932 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file. | |||||
| CVE-2023-31933 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file. | |||||
| CVE-2023-31937 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file. | |||||
| CVE-2023-31936 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-pass-detail.php file. | |||||
| CVE-2022-1800 | 1 Soflyy | 1 Export Any Wordpress Data To Xml/csv | 2023-12-20 | 6.5 MEDIUM | 7.2 HIGH |
| The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability. | |||||
| CVE-2023-39417 | 3 Debian, Postgresql, Redhat | 4 Debian Linux, Postgresql, Enterprise Linux and 1 more | 2023-12-20 | N/A | 8.8 HIGH |
| IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. | |||||
| CVE-2015-10091 | 1 Bywatersolutions | 1 Bywater-koha-xslt | 2023-12-20 | N/A | 7.2 HIGH |
| A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-25651 | 1 Zte | 4 Mf286r, Mf286r Firmware, Mf833u1 and 1 more | 2023-12-19 | N/A | 8.0 HIGH |
| There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak. | |||||
| CVE-2023-43813 | 1 Glpi-project | 1 Glpi | 2023-12-18 | N/A | 8.8 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue. | |||||
| CVE-2023-6772 | 1 Otcms | 1 Otcms | 2023-12-18 | N/A | 7.2 HIGH |
| A vulnerability, which was classified as critical, was found in OTCMS 7.01. Affected is an unknown function of the file /admin/ind_backstage.php. The manipulation of the argument sqlContent leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247908. | |||||
| CVE-2023-6611 | 1 Tongda2000 | 2 Tongda Oa, Tongda Office Anywhere | 2023-12-16 | N/A | 7.5 HIGH |
| A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file pda/pad/email/delete.php. The manipulation of the argument EMAIL_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-247246 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6608 | 1 Tongda2000 | 2 Tongda Oa, Tongda Office Anywhere | 2023-12-16 | N/A | 7.5 HIGH |
| A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/notify/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-247244. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5298 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 7.5 HIGH |
| A vulnerability was found in Tongda OA 2017. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/hr/recruit/requirements/delete.php. The manipulation of the argument REQUIREMENTS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240938 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-5285 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 7.5 HIGH |
| A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENT_ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-240913 was assigned to this vulnerability. | |||||
| CVE-2023-5030 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 8.8 HIGH |
| A vulnerability has been found in Tongda OA up to 11.10 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/plan/delete.php. The manipulation of the argument PLAN_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239872. | |||||
| CVE-2023-6276 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 7.5 HIGH |
| A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246105 was assigned to this vulnerability. | |||||
| CVE-2023-5023 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 8.8 HIGH |
| A vulnerability was found in Tongda OA 2017 and classified as critical. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_relatives/delete.php. The manipulation of the argument RELATIVES_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239864. | |||||
| CVE-2023-5783 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 7.5 HIGH |
| A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/system/approve_center/flow_sort/flow/delete.php. The manipulation of the argument id/sort_parent leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243589 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6607 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 7.5 HIGH |
| A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/wiki/cp/manage/delete.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247243. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6755 | 1 Dedebiz | 1 Dedebiz | 2023-12-15 | N/A | 7.2 HIGH |
| A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/content_batchup_action.php. The manipulation of the argument endid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247883. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-45800 | 1 Hanbiro | 1 Groupware | 2023-12-15 | N/A | 7.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation. This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1. | |||||
| CVE-2023-41623 | 1 Emlog | 1 Emlog | 2023-12-14 | N/A | 7.2 HIGH |
| Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php. | |||||
| CVE-2023-49030 | 1 32ns | 1 Klive | 2023-12-13 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in 32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component. | |||||
| CVE-2023-6659 | 1 Campcodes | 1 Student Clearance System | 2023-12-13 | N/A | 7.5 HIGH |
| A vulnerability, which was classified as critical, has been found in Campcodes Web-Based Student Clearance System 1.0. This issue affects some unknown processing of the file /libsystem/login.php. The manipulation of the argument student leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247367. | |||||
| CVE-2023-6575 | 1 Byzoro | 2 Smart S210, Smart S210 Firmware | 2023-12-13 | N/A | 8.8 HIGH |
| A vulnerability was found in Beijing Baichuo S210 up to 20231121. It has been classified as critical. This affects an unknown part of the file /Tool/repair.php of the component HTTP POST Request Handler. The manipulation of the argument txt leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247155. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6035 | 1 Spider-themes | 1 Eazydocs | 2023-12-13 | N/A | 8.8 HIGH |
| The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks. | |||||
| CVE-2023-43743 | 1 Zultys | 12 Mx-e, Mx-e Firmware, Mx-se and 9 more | 2023-12-13 | N/A | 8.8 HIGH |
| A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface. | |||||
| CVE-2023-5761 | 1 Burst-statistics | 1 Burst Statistics | 2023-12-12 | N/A | 7.5 HIGH |
| The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'url' parameter in versions 1.4.0 to 1.4.6.1 (free) and versions 1.4.0 to 1.5.0 (pro) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2014-125072 | 1 Klattr Project | 1 Klattr | 2023-12-08 | N/A | 8.8 HIGH |
| A vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown part. The manipulation leads to sql injection. The patch is named f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217719. | |||||
| CVE-2023-6063 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2023-12-08 | N/A | 7.5 HIGH |
| The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. | |||||
