Total: 8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48823 | 1 Mayurik | 1 Courier Management System | 2023-12-09 | N/A | 9.8 CRITICAL |
| A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login. | |||||
| CVE-2023-49429 | 1 Tenda | 2 Ax9, Ax9 Firmware | 2023-12-09 | N/A | 9.8 CRITICAL |
| Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules. | |||||
| CVE-2017-20172 | 1 Soundslike Project | 1 Soundslike | 2023-12-08 | N/A | 9.8 CRITICAL |
| A vulnerability was found in ridhoq soundslike. It has been classified as critical. Affected is the function get_song_relations of the file app/api/songs.py. The manipulation leads to sql injection. The patch is identified as 90bb4fb667d9253d497b619b9adaac83bf0ce0f8. It is recommended to apply a patch to fix this issue. VDB-218490 is the identifier assigned to this vulnerability. | |||||
| CVE-2014-125101 | 1 Huge-it | 1 Portfolio Gallery | 2023-12-08 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Portfolio Gallery Plugin up to 1.1.8 on WordPress. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.9 is able to address this issue. The identifier of the patch is 58ed88243e17df766036f4857041edaf358076d3. It is recommended to upgrade the affected component. The identifier VDB-230085 was assigned to this vulnerability. | |||||
| CVE-2014-125075 | 1 Gmail-servlet Project | 1 Gmail-servlet | 2023-12-08 | N/A | 9.8 CRITICAL |
| A vulnerability was found in gmail-servlet and classified as critical. This issue affects the function search of the file src/Model.java. The manipulation leads to sql injection. The identifier of the patch is 5d72753c2e95bb373aa86824939397dc25f679ea. It is recommended to apply a patch to fix this issue. The identifier VDB-218021 was assigned to this vulnerability. | |||||
| CVE-2014-125076 | 1 Criminals Project | 1 Criminals | 2023-12-08 | N/A | 9.8 CRITICAL |
| A vulnerability was found in NoxxieNl Criminals. It has been classified as critical. Affected is an unknown function of the file ingame/roulette.php. The manipulation of the argument gambleMoney leads to sql injection. The patch is identified as 0a60b31271d4cbf8babe4be993d2a3a1617f0897. It is recommended to apply a patch to fix this issue. VDB-218022 is the identifier assigned to this vulnerability. | |||||
| CVE-2014-125083 | 1 Anant | 1 Google-enterprise-connector-dctm | 2023-12-08 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to sql injection. The patch is named 6fba04f18ab7764002a1da308e7cd9712b501cb7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218911. | |||||
| CVE-2014-125072 | 1 Klattr Project | 1 Klattr | 2023-12-08 | N/A | 8.8 HIGH |
| A vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown part. The manipulation leads to sql injection. The patch is named f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217719. | |||||
| CVE-2014-125077 | 1 Searx Stats Project | 1 Searx Stats | 2023-12-08 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in pointhi searx_stats. This issue affects some unknown processing of the file cgi/cron.php. The manipulation leads to sql injection. The patch is named 281bd679a4474ddb222d16c1c380f252839cc18f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218351. | |||||
| CVE-2014-125073 | 1 Voteapp Project | 1 Voteapp | 2023-12-08 | N/A | 9.8 CRITICAL |
| A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue is the function create_poll/do_poll/show_poll/show_refresh of the file app.py. The manipulation leads to sql injection. The patch is identified as b290c21a0d8bcdbd55db860afd3cadec97388e72. It is recommended to apply a patch to fix this issue. VDB-217790 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-6063 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2023-12-08 | N/A | 7.5 HIGH |
| The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. | |||||
| CVE-2023-46575 | 1 Layer5 | 1 Meshery | 2023-12-08 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter. | |||||
| CVE-2014-125063 | 1 Bid Project | 1 Bid | 2023-12-08 | N/A | 9.8 CRITICAL |
| A vulnerability was found in ada-l0velace Bid and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identifier of the patch is abd71140b8219fa8741d0d8a57ab27d5bfd34222. It is recommended to apply a patch to fix this issue. The identifier VDB-217625 was assigned to this vulnerability. | |||||
| CVE-2014-125062 | 1 Bitstorm Project | 1 Bitstorm | 2023-12-08 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in ananich bitstorm. Affected by this vulnerability is an unknown functionality of the file announce.php. The manipulation of the argument event leads to sql injection. The identifier of the patch is ea8da92f94cdb78ee7831e1f7af6258473ab396a. It is recommended to apply a patch to fix this issue. The identifier VDB-217621 was assigned to this vulnerability. | |||||
| CVE-2011-0448 | 1 Rubyonrails | 1 Rails | 2023-12-07 | 7.5 HIGH | N/A |
| Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument. | |||||
| CVE-2023-48863 | 1 Sem-cms | 1 Semcms | 2023-12-07 | N/A | 7.5 HIGH |
| SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some attack codes as commands or query statements to the interpreter. These malicious data can deceive the interpreter, so as to execute unplanned commands or unauthorized access to data. | |||||
| CVE-2023-5108 | 1 Alphabpo | 1 Easy Newsletter Signups | 2023-12-07 | N/A | 7.2 HIGH |
| The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
| CVE-2020-36768 | 1 Reiner-lemoine-institut | 1 Nesp2 | 2023-12-07 | N/A | 9.8 CRITICAL |
| A vulnerability was found in rl-institut NESP2 Initial Release/1.0. It has been classified as critical. Affected is an unknown function of the file app/database.py. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 07c0cdf36cf6a4345086d07b54423723a496af5e. It is recommended to apply a patch to fix this issue. VDB-246642 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-6464 | 1 Remyandrade | 1 User Registration And Login System | 2023-12-06 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester User Registration and Login System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument user leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-246614 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-5634 | 1 Arslansoft Education Portal Project | 1 Arslansoft Education Portal | 2023-12-06 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ArslanSoft Education Portal allows SQL Injection. This issue affects Education Portal: before v1.1. | |||||
| CVE-2023-49371 | 1 Ruoyi | 1 Ruoyi | 2023-12-06 | N/A | 9.8 CRITICAL |
| RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. | |||||
| CVE-2023-48813 | 1 Slims | 1 Senayan Library Management System Bulian | 2023-12-06 | N/A | 8.8 HIGH |
| Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. | |||||
| CVE-2023-46956 | 1 Oretnom23 | 1 Packers And Movers Management System | 2023-12-06 | N/A | 7.2 HIGH |
| SQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker to execute arbitrary code via crafted payload to the /mpms/admin/?page=user/manage_user&id file. | |||||
| CVE-2023-48016 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2023-12-06 | N/A | 7.5 HIGH |
| Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter. | |||||
| CVE-2023-6402 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2023-12-06 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246423. | |||||
| CVE-2023-6360 | 1 Joedolson | 1 My Calendar | 2023-12-06 | N/A | 9.8 CRITICAL |
| The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route. | |||||
| CVE-2023-48742 | 1 Wpexperts | 1 License Manager For Woocommerce | 2023-12-05 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LicenseManager License Manager for WooCommerce license-manager-for-woocommerce allows SQL Injection. This issue affects License Manager for WooCommerce: from n/a through 2.2.10. | |||||
| CVE-2023-40056 | 1 Solarwinds | 1 Solarwinds Platform | 2023-12-04 | N/A | 8.8 HIGH |
| SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account. | |||||
| CVE-2023-6415 | 1 Aatifaneeq | 1 Voovi | 2023-12-02 | N/A | 7.5 HIGH |
| A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signin.php in the user parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | |||||
| CVE-2023-6416 | 1 Aatifaneeq | 1 Voovi | 2023-12-02 | N/A | 7.5 HIGH |
| A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signup2.php in the emailadd parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | |||||
| CVE-2023-6410 | 1 Aatifaneeq | 1 Voovi | 2023-12-02 | N/A | 7.5 HIGH |
| A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via editprofile.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | |||||
| CVE-2023-6417 | 1 Aatifaneeq | 1 Voovi | 2023-12-02 | N/A | 7.5 HIGH |
| A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via update.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | |||||
| CVE-2023-6413 | 1 Aatifaneeq | 1 Voovi | 2023-12-02 | N/A | 7.5 HIGH |
| A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photos.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | |||||
| CVE-2023-6414 | 1 Aatifaneeq | 1 Voovi | 2023-12-02 | N/A | 7.5 HIGH |
| A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via perfil.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | |||||
| CVE-2023-6412 | 1 Aatifaneeq | 1 Voovi | 2023-12-02 | N/A | 7.5 HIGH |
| A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photo.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | |||||
| CVE-2023-6411 | 1 Aatifaneeq | 1 Voovi | 2023-12-02 | N/A | 7.5 HIGH |
| A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | |||||
| CVE-2023-6418 | 1 Aatifaneeq | 1 Voovi | 2023-12-02 | N/A | 7.5 HIGH |
| A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via videos.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | |||||
| CVE-2014-125081 | 1 Debutsav Project | 1 Debutsav | 2023-12-01 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in risheesh debutsav. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named 7a8430df79277c613449262201cc792db894fc76. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218459. | |||||
| CVE-2014-125084 | 1 Gimmie Project | 1 Gimmie | 2023-12-01 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2 on vBulletin. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The identifier of the patch is 7194a09353dd24a274678383a4418f2fd3fce6f7. It is recommended to upgrade the affected component. The identifier VDB-220205 was assigned to this vulnerability. | |||||
| CVE-2023-46349 | 1 Myprestamodules | 1 Updateproducts | 2023-12-01 | N/A | 9.8 CRITICAL |
| In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
| CVE-2023-48188 | 1 Store-opart | 1 Op'art Devis | 2023-12-01 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function. | |||||
| CVE-2023-3631 | 1 Medart Notification Panel Project | 1 Medart Notification Panel | 2023-11-30 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection. This issue affects Medart Notification Panel: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-45340 | 1 Projectworlds | 1 Online Food Ordering System | 2023-11-30 | N/A | 9.8 CRITICAL |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-45336 | 1 Projectworlds | 1 Online Food Ordering System | 2023-11-30 | N/A | 9.8 CRITICAL |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-45342 | 1 Projectworlds | 1 Online Food Ordering System | 2023-11-30 | N/A | 9.8 CRITICAL |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-45341 | 1 Projectworlds | 1 Online Food Ordering System | 2023-11-30 | N/A | 9.8 CRITICAL |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-45343 | 1 Projectworlds | 1 Online Food Ordering System | 2023-11-30 | N/A | 9.8 CRITICAL |
| Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticket_id' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-3377 | 1 Veribase | 1 Veribase | 2023-11-30 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veribilim Software Computer Veribase allows SQL Injection. This issue affects Veribase: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5046 | 1 Biltay | 1 Procost | 2023-11-30 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Procost: before 1390. | |||||
| CVE-2023-5045 | 1 Biltay | 1 Kayisi | 2023-11-30 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Kayisi: before 1286. | |||||
