Search
Total
1733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-22174 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22171 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22168 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-5192 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised. | |||||
| CVE-2020-22173 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22170 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22166 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22172 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22175 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22165 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22164 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22169 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2023-5082 | 1 Click5interactive | 1 Sitemap By Click5 | 2023-11-14 | N/A | 7.2 HIGH |
| The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it. | |||||
| CVE-2023-46084 | 1 Bplugins | 1 Icons Font Loader | 2023-11-14 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection.This issue affects Icons Font Loader: from n/a through 1.1.2. | |||||
| CVE-2023-25800 | 1 Themeum | 1 Tutor Lms | 2023-11-14 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0. | |||||
| CVE-2023-32741 | 1 Itpathsolutions | 1 Contact Form To Any Api | 2023-11-14 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2. | |||||
| CVE-2023-34179 | 1 Groundhogg | 1 Groundhogg | 2023-11-13 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2.7.11. | |||||
| CVE-2023-32508 | 1 Cagewebdev | 1 Order Your Posts Manually | 2023-11-13 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection.This issue affects Order Your Posts Manually: from n/a through 2.2.5. | |||||
| CVE-2023-32121 | 1 Highfivery | 1 Zero Spam For Wordpress | 2023-11-13 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Highfivery LLC Zero Spam for WordPress allows SQL Injection.This issue affects Zero Spam for WordPress: from n/a through 5.4.4. | |||||
| CVE-2023-25990 | 1 Themeum | 1 Tutor Lms | 2023-11-13 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10. | |||||
| CVE-2023-5923 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2023-11-09 | N/A | 7.5 HIGH |
| A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244323. | |||||
| CVE-2023-5924 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2023-11-09 | N/A | 7.5 HIGH |
| A vulnerability classified as critical was found in Campcodes Simple Student Information System 1.0. This vulnerability affects unknown code of the file /admin/courses/view_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244324. | |||||
| CVE-2023-5925 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2023-11-09 | N/A | 7.5 HIGH |
| A vulnerability, which was classified as critical, has been found in Campcodes Simple Student Information System 1.0. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument f leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-244325 was assigned to this vulnerability. | |||||
| CVE-2023-5926 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2023-11-09 | N/A | 7.5 HIGH |
| A vulnerability, which was classified as critical, was found in Campcodes Simple Student Information System 1.0. Affected is an unknown function of the file /admin/students/update_status.php. The manipulation of the argument student_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-244326 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-5927 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2023-11-09 | N/A | 7.5 HIGH |
| A vulnerability has been found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/courses/manage_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244327. | |||||
| CVE-2023-5928 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2023-11-09 | N/A | 7.5 HIGH |
| A vulnerability was found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/departments/manage_department.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244328. | |||||
| CVE-2023-36677 | 1 Smartypantsplugins | 1 Sp Project \& Document Manager | 2023-11-09 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67. | |||||
| CVE-2023-5929 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2023-11-09 | N/A | 7.5 HIGH |
| A vulnerability was found in Campcodes Simple Student Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/students/manage_academic.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-244329 was assigned to this vulnerability. | |||||
| CVE-2023-35910 | 1 Quasar-form | 1 Quasar Form | 2023-11-09 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection.This issue affects Quasar form free – Contact Form Builder for WordPress: from n/a through 6.0. | |||||
| CVE-2023-38391 | 1 Themesgrove | 1 Onepage Builder | 2023-11-09 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1. | |||||
| CVE-2023-40215 | 1 Superwhite | 1 Demon Image Annotation | 2023-11-09 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotation: from n/a through 5.1. | |||||
| CVE-2023-39359 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2023-11-09 | N/A | 8.8 HIGH |
| Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `graphs.php` file. When dealing with the cases of ajax_hosts and ajax_hosts_noany, if the `site_id` parameter is greater than 0, it is directly reflected in the WHERE clause of the SQL statement. This creates an SQL injection vulnerability. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-39357 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2023-11-09 | N/A | 8.8 HIGH |
| Cacti is an open source operational monitoring and fault management framework. A defect in the sql_save function was discovered. When the column type is numeric, the sql_save function directly utilizes user input. Many files and functions calling the sql_save function do not perform prior validation of user input, leading to the existence of multiple SQL injection vulnerabilities in Cacti. This allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-37434 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 8.1 HIGH |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | |||||
| CVE-2023-37433 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 8.1 HIGH |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | |||||
| CVE-2023-37432 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 8.1 HIGH |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | |||||
| CVE-2023-37431 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 8.1 HIGH |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | |||||
| CVE-2023-37430 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 8.1 HIGH |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | |||||
| CVE-2023-37429 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 8.1 HIGH |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | |||||
| CVE-2023-38899 | 1 Berkaygediz | 1 O Blog | 2023-08-24 | N/A | 7.8 HIGH |
| SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component. | |||||
| CVE-2023-4449 | 1 Inventory Management System Project | 1 Inventory Management System | 2023-08-23 | N/A | 8.8 HIGH |
| A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php?page=member. The manipulation of the argument columns[0][data] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-237570 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-38839 | 1 Kidus | 1 Minimati | 2023-08-23 | N/A | 7.5 HIGH |
| SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via theID parameter in the fulldelete.php component. | |||||
| CVE-2023-35811 | 1 Sugarcrm | 1 Sugarcrm | 2023-08-23 | N/A | 8.8 HIGH |
| An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can use used for exploitation. Editions other than Enterprise are also affected. | |||||
| CVE-2023-38916 | 1 Mohammad-ajazuddin | 1 Evotingsystem-php | 2023-08-22 | N/A | 8.8 HIGH |
| SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields. | |||||
| CVE-2023-0579 | 1 Yarpp | 1 Yarpp | 2023-08-22 | N/A | 8.8 HIGH |
| The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks. | |||||
| CVE-2023-38838 | 1 Kiduswb | 1 Minimati | 2023-08-22 | N/A | 7.5 HIGH |
| SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via the edit.php component. | |||||
| CVE-2023-31938 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2023-08-18 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_detail.php. | |||||
| CVE-2023-31939 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2023-08-18 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomer_id parameter at customer_edit.php. | |||||
| CVE-2023-31940 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2023-08-18 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the page_id parameter at article_edit.php. | |||||
| CVE-2023-31943 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2023-08-18 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticket_id parameter at ticket_detail.php. | |||||