Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-7146 | 1 Masterlab | 1 Masterlab | 2024-01-04 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249149 was assigned to this vulnerability. | |||||
| CVE-2023-50841 | 1 Reputeinfosystems | 1 Bookingpress | 2024-01-04 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.72. | |||||
| CVE-2023-50842 | 1 Mf Gig Calendar Project | 1 Mf Gig Calendar | 2024-01-04 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar: from n/a through 1.2.1. | |||||
| CVE-2023-50840 | 1 Oplugins | 1 Booking Manager | 2024-01-04 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop, oplugins Booking Manager.This issue affects Booking Manager: from n/a through 2.1.5. | |||||
| CVE-2023-50843 | 1 Mediaburst | 1 Clockwork Sms Notfications | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Clockwork Clockwork SMS Notfications.This issue affects Clockwork SMS Notfications: from n/a through 3.0.4. | |||||
| CVE-2023-50844 | 1 Jamesward | 1 Wp Mail Catcher | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in James Ward Mail logging – WP Mail Catcher.This issue affects Mail logging – WP Mail Catcher: from n/a through 2.1.3. | |||||
| CVE-2023-50845 | 1 Ayecode | 1 Geodirectory | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin, or Classified Directory.This issue affects GeoDirectory – WordPress Business Directory Plugin, or Classified Directory: from n/a through 2.3.28. | |||||
| CVE-2023-50846 | 1 Metagauss | 1 Registrationmagic | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.5. | |||||
| CVE-2023-50847 | 1 Collne | 1 Welcart E-commerce | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.3. | |||||
| CVE-2023-50839 | 1 Wiselyhub | 1 Js Help Desk | 2024-01-04 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.1. | |||||
| CVE-2023-50838 | 1 Basixonline | 1 Nex-forms | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.5. | |||||
| CVE-2023-4671 | 1 Talentyazilim | 1 Ecop | 2024-01-04 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software ECOP allows Command Line Execution through SQL Injection.This issue affects ECOP: before 32255. | |||||
| CVE-2023-7129 | 1 Code-projects | 1 Voting System | 2024-01-04 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in code-projects Voting System 1.0. Affected is an unknown function of the component Voters Login. The manipulation of the argument voter leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249132. | |||||
| CVE-2023-52082 | 1 Lycheeorg | 1 Lychee | 2024-01-04 | N/A | 9.8 CRITICAL |
| Lychee is a free photo-management tool. Prior to 5.0.2, Lychee is vulnerable to an SQL injection on any binding when using mysql/mariadb. This injection is only active for users with the `.env` settings set to DB_LOG_SQL=true and DB_LOG_SQL_EXPLAIN=true. The defaults settings of Lychee are safe. The patch is provided on version 5.0.2. To work around this issue, disable SQL EXPLAIN logging. | |||||
| CVE-2023-50856 | 1 Funnelkit | 1 Funnel Builder | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits.This issue affects Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits: from n/a through 2.14.3. | |||||
| CVE-2023-50857 | 1 Funnelkit | 1 Funnelkit Automations | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit.This issue affects Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit: from n/a through 2.6.1. | |||||
| CVE-2023-50848 | 1 Ajexperience | 1 404 Solution | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.34.0. | |||||
| CVE-2023-50851 | 1 Nsqua | 1 Simply Schedule Appointments | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N Squared Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin.This issue affects Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin: from n/a before 1.6.6.1. | |||||
| CVE-2023-5674 | 1 Wpvibes | 1 Wp Mail Log | 2024-01-04 | N/A | 8.8 HIGH |
| The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. | |||||
| CVE-2023-7123 | 1 Oretnom | 1 Medicine Tracker System | 2024-01-04 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracking System 1.0. This issue affects some unknown processing of the file /classes/Master.php? f=save_medicine. The manipulation of the argument id/name/description leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249095. | |||||
| CVE-2023-46989 | 1 Innovadeluxe | 1 Quick Order | 2024-01-04 | N/A | 7.8 HIGH |
| SQL Injection vulnerability in the Innovadeluxe Quick Order module for PrestaShop before v.1.4.0, allows local attackers to execute arbitrary code via the getProducts() function in the productlist.php file. | |||||
| CVE-2023-5645 | 1 Wpvibes | 1 Wp Mail Log | 2024-01-04 | N/A | 8.8 HIGH |
| The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. | |||||
| CVE-2023-52096 | 1 Steve-community | 1 Ocpp-jaxb | 2024-01-04 | N/A | 7.5 HIGH |
| SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000). This may lead to a SQL exception in applications, and may undermine the integrity of transaction records. | |||||
| CVE-2023-49954 | 1 3cx | 1 3cx | 2024-01-03 | N/A | 9.8 CRITICAL |
| The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address. | |||||
| CVE-2022-39822 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-01-03 | N/A | 8.8 HIGH |
| In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation. | |||||
| CVE-2023-7139 | 1 Code-projects | 1 Client Details System | 2024-01-03 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in code-projects Client Details System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/regester.php of the component HTTP POST Request Handler. The manipulation of the argument fname/lname/email/contact leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249142 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-7140 | 1 Code-projects | 1 Client Details System | 2024-01-03 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Client Details System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249143. | |||||
| CVE-2023-7142 | 1 Code-projects | 1 Client Details System | 2024-01-03 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Client Details System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientview.php. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249145 was assigned to this vulnerability. | |||||
| CVE-2023-7138 | 1 Code-projects | 1 Client Details System | 2024-01-03 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. This affects an unknown part of the file /admin of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249141 was assigned to this vulnerability. | |||||
| CVE-2023-7141 | 1 Code-projects | 1 Client Details System | 2024-01-03 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Client Details System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/update-clients.php. The manipulation of the argument uid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249144. | |||||
| CVE-2023-7137 | 1 Code-projects | 1 Client Details System | 2024-01-03 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the component HTTP POST Request Handler. The manipulation of the argument uemail leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249140. | |||||
| CVE-2023-7155 | 1 Mayurik | 1 Free And Open Source Inventory Management System | 2024-01-03 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management System 1.0. This affects an unknown part of the file /ample/app/action/edit_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249177 was assigned to this vulnerability. | |||||
| CVE-2023-49934 | 1 Schedmd | 1 Slurm | 2024-01-03 | N/A | 9.8 CRITICAL |
| An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1. | |||||
| CVE-2023-5203 | 1 Swit | 1 Wp Sessions Time Monitoring Full Automatic | 2024-01-02 | N/A | 7.5 HIGH |
| The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique. | |||||
| CVE-2022-47532 | 1 Filerun | 1 Filerun | 2024-01-02 | N/A | 9.8 CRITICAL |
| FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users§ion=cpanel&page=list request. | |||||
| CVE-2022-29822 | 1 Feathersjs | 1 Feathers-sequelize | 2024-01-02 | N/A | 9.8 CRITICAL |
| Due to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection | |||||
| CVE-2022-2422 | 1 Feathersjs | 1 Feathers-sequelize | 2024-01-02 | N/A | 9.8 CRITICAL |
| Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used. | |||||
| CVE-2023-45115 | 1 Projectworlds | 1 Online Examination System | 2024-01-02 | N/A | 8.8 HIGH |
| Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the /update.php?q=addqns resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-45120 | 1 Projectworlds | 1 Online Examination System | 2024-01-02 | N/A | 8.8 HIGH |
| Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-45117 | 1 Projectworlds | 1 Online Examination System | 2024-01-02 | N/A | 8.8 HIGH |
| Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-45118 | 1 Projectworlds | 1 Online Examination System | 2024-01-02 | N/A | 8.8 HIGH |
| Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-45116 | 1 Projectworlds | 1 Online Examination System | 2024-01-02 | N/A | 8.8 HIGH |
| Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-45121 | 1 Projectworlds | 1 Online Examination System | 2024-01-02 | N/A | 8.8 HIGH |
| Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-45119 | 1 Projectworlds | 1 Online Examination System | 2024-01-02 | N/A | 8.8 HIGH |
| Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48893 | 1 Slims | 1 Senayan Library Management System Bulian | 2023-12-31 | N/A | 8.8 HIGH |
| SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate. | |||||
| CVE-2023-7111 | 1 Fabianros | 1 Library Management System | 2023-12-30 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Affected is an unknown function of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249006 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-7097 | 1 Fabianros | 1 Water Billing System | 2023-12-30 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in code-projects Water Billing System 1.0. This affects an unknown part of the file /addbill.php. The manipulation of the argument owners_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248949 was assigned to this vulnerability. | |||||
| CVE-2023-7096 | 1 Carmelogarcia | 1 Faculty Management System | 2023-12-30 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Faculty Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/php/crud.php. The manipulation of the argument fieldname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248948. | |||||
| CVE-2023-49752 | 1 Spoonthemes | 1 Adifier | 2023-12-30 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4. | |||||
| CVE-2023-51448 | 1 Cacti | 1 Cacti | 2023-12-29 | N/A | 8.8 HIGH |
| Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `‘/cacti/managers.php’` with an SQLi payload in the `‘selected_graphs_array’` HTTP GET parameter. As of time of publication, no patched versions exist. | |||||