Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47430 | 1 Weblizar | 1 School Management - Education \& Learning Management | 2023-11-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection.This issue affects The School Management – Education & Learning Management: from n/a through 4.1. | |||||
| CVE-2023-46084 | 1 Bplugins | 1 Icons Font Loader | 2023-11-14 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection.This issue affects Icons Font Loader: from n/a through 1.1.2. | |||||
| CVE-2023-45830 | 1 Adaplugin | 1 Accessibility Suite By Online Ada | 2023-11-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11. | |||||
| CVE-2023-45657 | 1 Posimyth | 1 Nexter | 2023-11-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection.This issue affects Nexter: from n/a through 2.0.3. | |||||
| CVE-2023-36529 | 1 Favethemes | 1 Houzez | 2023-11-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4. | |||||
| CVE-2023-25800 | 1 Themeum | 1 Tutor Lms | 2023-11-14 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0. | |||||
| CVE-2023-32741 | 1 Itpathsolutions | 1 Contact Form To Any Api | 2023-11-14 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2. | |||||
| CVE-2023-25700 | 1 Themeum | 1 Tutor Lms | 2023-11-13 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10. | |||||
| CVE-2023-34179 | 1 Groundhogg | 1 Groundhogg | 2023-11-13 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2.7.11. | |||||
| CVE-2023-32508 | 1 Cagewebdev | 1 Order Your Posts Manually | 2023-11-13 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection.This issue affects Order Your Posts Manually: from n/a through 2.2.5. | |||||
| CVE-2023-32121 | 1 Highfivery | 1 Zero Spam For Wordpress | 2023-11-13 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Highfivery LLC Zero Spam for WordPress allows SQL Injection.This issue affects Zero Spam for WordPress: from n/a through 5.4.4. | |||||
| CVE-2023-25990 | 1 Themeum | 1 Tutor Lms | 2023-11-13 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10. | |||||
| CVE-2023-46981 | 1 Xxyopen | 1 Novel-plus | 2023-11-13 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list. | |||||
| CVE-2023-40922 | 1 Kerawen | 1 Kerawen | 2023-11-13 | N/A | 9.8 CRITICAL |
| kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent(). | |||||
| CVE-2023-26015 | 1 Mappresspro | 1 Mappress Maps For Wordpress | 2023-11-13 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection.This issue affects MapPress Maps for WordPress: from n/a through 2.85.4. | |||||
| CVE-2023-25960 | 1 Zendrop | 1 Zendrop | 2023-11-13 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop – Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. | |||||
| CVE-2023-41652 | 1 Carrcommunications | 1 Rsvpmaker | 2023-11-13 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6. | |||||
| CVE-2023-34383 | 1 Wedevs | 1 Wp Project Manager | 2023-11-13 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0. | |||||
| CVE-2022-47588 | 1 Tipsandtricks-hq | 1 Simple Photo Gallery | 2023-11-13 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection.This issue affects Simple Photo Gallery: from n/a through v1.8.1. | |||||
| CVE-2022-46818 | 1 Gopiplus | 1 Email Posts To Subscribers | 2023-11-13 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection.This issue affects Email posts to subscribers: from n/a through 6.2. | |||||
| CVE-2023-46490 | 1 Cacti | 1 Cacti | 2023-11-13 | N/A | 6.5 MEDIUM |
| SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function. | |||||
| CVE-2023-33924 | 1 Felixwelberg | 1 Sis Handball | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Felix Welberg SIS Handball allows SQL Injection.This issue affects SIS Handball: from n/a through 1.0.45. | |||||
| CVE-2023-27605 | 1 Wp Reroute Email Project | 1 Wp Reroute Email | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection.This issue affects WP Reroute Email: from n/a through 1.4.6. | |||||
| CVE-2023-28748 | 1 Appjetty | 1 Copy Or Move Comments | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection.This issue affects Copy or Move Comments: from n/a through 5.0.4. | |||||
| CVE-2023-40207 | 1 Rednao | 1 Donations Made Easy - Smart Donations | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedNao Donations Made Easy – Smart Donations allows SQL Injection.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. | |||||
| CVE-2023-35911 | 1 Creative-solutions | 1 Contact Form Generator | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0. | |||||
| CVE-2023-38382 | 1 Subscribe To Category Project | 1 Subscribe To Category | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection.This issue affects Subscribe to Category: from n/a through 2.7.4. | |||||
| CVE-2023-45001 | 1 Castos | 1 Seriously Simple Stats | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Castos Seriously Simple Stats allows SQL Injection.This issue affects Seriously Simple Stats: from n/a through 1.5.0. | |||||
| CVE-2023-40609 | 1 Rocklobster | 1 Contact Form 7 Custom Validation | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection.This issue affects Contact form 7 Custom validation: from n/a through 1.1.3. | |||||
| CVE-2023-41685 | 1 Ilghera | 1 Woocommerce Support System | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ilGhera Woocommerce Support System allows SQL Injection.This issue affects Woocommerce Support System: from n/a through 1.2.1. | |||||
| CVE-2023-45046 | 1 Pressference | 1 Pressference Exporter | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressference Pressference Exporter allows SQL Injection.This issue affects Pressference Exporter: from n/a through 1.0.3. | |||||
| CVE-2023-45069 | 1 Total-soft | 1 Video Gallery | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery – Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3. | |||||
| CVE-2023-45074 | 1 Pagevisitcounter | 1 Advanced Page Visit Counter | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows SQL Injection.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 7.1.1. | |||||
| CVE-2023-45055 | 1 Inspireui | 1 Mstore Api | 2023-11-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6. | |||||
| CVE-2023-46954 | 1 Relativity | 1 Relativityone | 2023-11-09 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter. | |||||
| CVE-2023-5923 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2023-11-09 | N/A | 7.5 HIGH |
| A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244323. | |||||
| CVE-2023-5924 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2023-11-09 | N/A | 7.5 HIGH |
| A vulnerability classified as critical was found in Campcodes Simple Student Information System 1.0. This vulnerability affects unknown code of the file /admin/courses/view_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244324. | |||||
| CVE-2023-5925 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2023-11-09 | N/A | 7.5 HIGH |
| A vulnerability, which was classified as critical, has been found in Campcodes Simple Student Information System 1.0. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument f leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-244325 was assigned to this vulnerability. | |||||
| CVE-2023-5926 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2023-11-09 | N/A | 7.5 HIGH |
| A vulnerability, which was classified as critical, was found in Campcodes Simple Student Information System 1.0. Affected is an unknown function of the file /admin/students/update_status.php. The manipulation of the argument student_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-244326 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-5927 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2023-11-09 | N/A | 7.5 HIGH |
| A vulnerability has been found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/courses/manage_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244327. | |||||
| CVE-2023-5928 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2023-11-09 | N/A | 7.5 HIGH |
| A vulnerability was found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/departments/manage_department.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244328. | |||||
| CVE-2023-36677 | 1 Smartypantsplugins | 1 Sp Project \& Document Manager | 2023-11-09 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67. | |||||
| CVE-2023-5929 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2023-11-09 | N/A | 7.5 HIGH |
| A vulnerability was found in Campcodes Simple Student Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/students/manage_academic.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-244329 was assigned to this vulnerability. | |||||
| CVE-2023-35910 | 1 Quasar-form | 1 Quasar Form | 2023-11-09 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection.This issue affects Quasar form free – Contact Form Builder for WordPress: from n/a through 6.0. | |||||
| CVE-2023-40215 | 1 Superwhite | 1 Demon Image Annotation | 2023-11-09 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotation: from n/a through 5.1. | |||||
| CVE-2023-38391 | 1 Themesgrove | 1 Onepage Builder | 2023-11-09 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1. | |||||
| CVE-2023-45338 | 1 Projectworlds | 1 Online Food Ordering Script | 2023-11-09 | N/A | 9.8 CRITICAL |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-45345 | 1 Projectworlds | 1 Online Food Ordering Script | 2023-11-09 | N/A | 9.8 CRITICAL |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-45346 | 1 Projectworlds | 1 Online Food Ordering Script | 2023-11-09 | N/A | 9.8 CRITICAL |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-5918 | 1 Visitor Management System Project | 1 Visitor Management System | 2023-11-09 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in SourceCodester Visitor Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244308. | |||||