Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51050 | 1 S-cms | 1 S-cms | 2023-12-27 | N/A | 9.8 CRITICAL |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php. | |||||
| CVE-2023-51048 | 1 S-cms | 1 S-cms | 2023-12-27 | N/A | 9.8 CRITICAL |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php. | |||||
| CVE-2023-7020 | 1 Tongda2000 | 1 Office Anywhere 2017 | 2023-12-27 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. This issue affects some unknown processing of the file general/wiki/cp/ct/view.php. The manipulation of the argument TEMP_ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248567. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7021 | 1 Tongda2000 | 1 Office Anywhere 2017 | 2023-12-27 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Tongda OA 2017 up to 11.9. It has been classified as critical. Affected is an unknown function of the file general/vehicle/checkup/delete_search.php. The manipulation of the argument VU_ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7022 | 1 Tongda2000 | 1 Office Anywhere 2017 | 2023-12-27 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/work_plan/manage/delete_all.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-49689 | 1 Kashipara | 1 Job Portal | 2023-12-27 | N/A | 9.8 CRITICAL |
| Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'JobId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49688 | 1 Kashipara | 1 Job Portal | 2023-12-27 | N/A | 9.8 CRITICAL |
| Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtUser' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49681 | 1 Kashipara | 1 Job Portal | 2023-12-27 | N/A | 9.8 CRITICAL |
| Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-7023 | 1 Tongda2000 | 1 Office Anywhere 2017 | 2023-12-27 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Tongda OA 2017 up to 11.9. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/vehicle/query/delete.php. The manipulation of the argument VU_ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-248570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-47990 | 1 Cuppacms | 1 Cuppacms | 2023-12-27 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter. | |||||
| CVE-2023-44284 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2023-12-27 | N/A | 4.3 MEDIUM |
| Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized read access to application data. | |||||
| CVE-2023-48050 | 2 Camsbiometrics, Odoo | 2 Zkteco\, Essl\, Cams Biometrics Integration Module, Biometric Attendance | 2023-12-27 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component. | |||||
| CVE-2023-29096 | 1 Bestwebsoft | 1 Contact Form To Db | 2023-12-27 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.0. | |||||
| CVE-2023-49166 | 1 Magiclogix | 1 Msync | 2023-12-27 | N/A | 9.1 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magic Logix MSync.This issue affects MSync: from n/a through 1.0.0. | |||||
| CVE-2023-49161 | 1 Guelbetech | 1 Bravo Translate | 2023-12-27 | N/A | 9.1 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Guelben Bravo Translate.This issue affects Bravo Translate: from n/a through 1.2. | |||||
| CVE-2023-29432 | 1 Favethemes | 1 Houzez | 2023-12-27 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme.This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3. | |||||
| CVE-2023-26525 | 1 Wedevs | 1 Dokan | 2023-12-27 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.12. | |||||
| CVE-2023-28788 | 1 Pagevisitcounter | 1 Advanced Page Visit Counter | 2023-12-27 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 6.4.2. | |||||
| CVE-2023-28491 | 1 Tribulant | 1 Slideshow Gallery | 2023-12-27 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE.This issue affects Slideshow Gallery LITE: from n/a through 1.7.6. | |||||
| CVE-2023-33209 | 1 Crawlspider | 1 Seo Change Monitor | 2023-12-26 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CrawlSpider SEO Change Monitor – Track Website Changes.This issue affects SEO Change Monitor – Track Website Changes: from n/a through 1.2. | |||||
| CVE-2023-33330 | 1 Woocommerce | 1 Automatewoo | 2023-12-26 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.50. | |||||
| CVE-2023-49825 | 1 Pencidesign | 1 Soledad | 2023-12-26 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1. | |||||
| CVE-2023-5007 | 1 Kashipara | 1 Student Information System | 2023-12-26 | N/A | 9.8 CRITICAL |
| Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'id' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-5010 | 1 Kashipara | 1 Student Information System | 2023-12-26 | N/A | 9.8 CRITICAL |
| Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-5011 | 1 Kashipara | 1 Student Information System | 2023-12-26 | N/A | 9.8 CRITICAL |
| Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-30495 | 1 Themefic | 1 Ultimate Addons For Contact Form 7 | 2023-12-26 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Ultimate Addons for Contact Form 7.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.1.23. | |||||
| CVE-2023-30750 | 1 Cminds | 1 Cm Popup | 2023-12-26 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10. | |||||
| CVE-2023-30872 | 1 Bannersky | 1 Bsk Forms Blacklist | 2023-12-26 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BannerSky BSK Forms Blacklist.This issue affects BSK Forms Blacklist: from n/a through 3.6.2. | |||||
| CVE-2023-3391 | 1 Oretnom23 | 1 Human Resource Management System | 2023-12-26 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file detailview.php. The manipulation of the argument employeeid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232288. | |||||
| CVE-2022-43318 | 1 Oretnom23 | 1 Human Resource Management System | 2023-12-26 | N/A | 8.8 HIGH |
| Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php. | |||||
| CVE-2022-43262 | 1 Oretnom23 | 1 Human Resource Management System | 2023-12-26 | N/A | 9.8 CRITICAL |
| Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php. | |||||
| CVE-2022-4278 | 1 Oretnom23 | 1 Human Resource Management System | 2023-12-26 | N/A | 7.2 HIGH |
| A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775. | |||||
| CVE-2023-36189 | 1 Langchain | 1 Langchain | 2023-12-26 | N/A | 7.5 HIGH |
| SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component. | |||||
| CVE-2023-29597 | 1 Bloofox | 1 Bloofoxcms | 2023-12-22 | N/A | 8.8 HIGH |
| bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1. | |||||
| CVE-2023-48434 | 1 Projectworlds | 1 Online Voting System Project | 2023-12-22 | N/A | 9.8 CRITICAL |
| Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the reg_action.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48433 | 1 Projectworlds | 1 Online Voting System Project | 2023-12-22 | N/A | 9.8 CRITICAL |
| Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the login_action.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2022-43457 | 1 Deltaww | 1 Diaenergie | 2023-12-22 | N/A | 8.8 HIGH |
| SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
| CVE-2023-48372 | 1 Itpison | 1 Omicard Edm | 2023-12-22 | N/A | 9.8 CRITICAL |
| ITPison OMICARD EDM 's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. | |||||
| CVE-2023-48395 | 1 Kaifa | 1 Webitr Attendance System | 2023-12-22 | N/A | 6.5 MEDIUM |
| Kaifa Technology WebITR is an online attendance system, it has insufficient validation for user input within a special function. A remote attacker with regular user privilege can exploit this vulnerability to inject arbitrary SQL commands to read database. | |||||
| CVE-2023-48384 | 1 Armorxgt | 1 Spamtrap | 2023-12-22 | N/A | 9.8 CRITICAL |
| ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. | |||||
| CVE-2023-49764 | 1 Sigmaplugin | 1 Advanced Database Cleaner | 2023-12-22 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Younes JFR. Advanced Database Cleaner.This issue affects Advanced Database Cleaner: from n/a through 3.1.2. | |||||
| CVE-2023-49750 | 1 Spoonthemes | 1 Couponis | 2023-12-22 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress Theme.This issue affects Couponis - Affiliate & Submitting Coupons WordPress Theme: from n/a before 2.2. | |||||
| CVE-2023-48741 | 1 Quantumcloud | 1 Ai Chatbot | 2023-12-22 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.This issue affects AI ChatBot: from n/a through 4.7.8. | |||||
| CVE-2023-40010 | 1 Pluginus | 1 Husky - Products Filter Professional For Woocommerce | 2023-12-22 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in realmag777 HUSKY – Products Filter for WooCommerce Professional.This issue affects HUSKY – Products Filter for WooCommerce Professional: from n/a through 1.3.4.2. | |||||
| CVE-2023-47852 | 1 Linkwhisper | 1 Link Whisper Free | 2023-12-22 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.6.5. | |||||
| CVE-2023-31092 | 1 Foxskav | 1 Easy Bet | 2023-12-22 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Foxskav Easy Bet.This issue affects Easy Bet: from n/a through 1.0.2. | |||||
| CVE-2023-32128 | 1 Adastracrypto | 1 Cryptocurrency Payment \& Donation Box | 2023-12-22 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free.This issue affects Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free: from n/a through 2.2.7. | |||||
| CVE-2023-34168 | 1 Esiteq | 1 Wp Report Post | 2023-12-22 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Raven WP Report Post allows SQL Injection.This issue affects WP Report Post: from n/a through 2.1.2. | |||||
| CVE-2023-33331 | 1 Woo | 1 Product Vendors | 2023-12-22 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.76. | |||||
| CVE-2023-47506 | 1 Masterslider | 1 Master Slider | 2023-12-22 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Master slider Master Slider Pro allows SQL Injection.This issue affects Master Slider Pro: from n/a through 3.6.5. | |||||