Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-48384 | 1 Armorxgt | 1 Spamtrap | 2024-11-21 | N/A | 9.8 CRITICAL | ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. |
| CVE-2023-48372 | 1 Itpison | 1 Omicard Edm | 2024-11-21 | N/A | 9.8 CRITICAL | ITPison OMICARD EDM's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. |
| CVE-2023-48327 | 1 Wcvendors | 1 Woocommerce Multi-vendor, Woocommerce Marketplace, Product Vendors | 2024-11-21 | N/A | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors. This issue affects WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n/a through 2.4.7. |
| CVE-2023-48260 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b (0608842012), Nexo Cordless Nutrunner Nxa011s-36v (0608842011) and 18 more | 2024-11-21 | N/A | 5.3 MEDIUM | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. |
| CVE-2023-48259 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b (0608842012), Nexo Cordless Nutrunner Nxa011s-36v (0608842011) and 18 more | 2024-11-21 | N/A | 5.3 MEDIUM | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. |
| CVE-2023-48253 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b (0608842012), Nexo Cordless Nutrunner Nxa011s-36v (0608842011) and 18 more | 2024-11-21 | N/A | 8.8 HIGH | The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users' password hashes or update them with arbitrary values and access their accounts. |
| CVE-2023-48188 | 1 Store-opart | 1 Op'art Devis | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function. |
| CVE-2023-48084 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A | 9.8 CRITICAL | Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool. |
| CVE-2023-48078 | 1 Code-projects | 1 Simple Crud Functionality | 2024-11-21 | N/A | 9.8 CRITICAL | SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter. |
| CVE-2023-48050 | 2 Camsbiometrics, Odoo | 2 Zkteco, Essl, Cams Biometrics Integration Module, Biometric Attendance | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component. |
| CVE-2023-48049 | 1 Cybrosys | 1 Website Blog Search | 2024-11-21 | N/A | 9.8 CRITICAL | A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component. |
| CVE-2023-48016 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2024-11-21 | N/A | 7.5 HIGH | Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter. |
| CVE-2023-47990 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | N/A | 9.8 CRITICAL | SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter. |
| CVE-2023-47852 | 1 Linkwhisper | 1 Link Whisper Free | 2024-11-21 | N/A | 8.5 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Link Whisper Link Whisper Free. This issue affects Link Whisper Free: from n/a through 0.6.5. |
| CVE-2023-47637 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 8.8 HIGH | Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of `getFilterCondition()` is in `Multiselect`, which does not normalize/escape/validate the passed value. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or ... |
| CVE-2023-47609 | 1 Oss-calendar | 1 Oss Calendar | 2024-11-21 | N/A | 8.8 HIGH | SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request. |
| CVE-2023-47568 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | N/A | 8.8 HIGH | A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later. |
| CVE-2023-47558 | 1 Lindeni | 1 Who Hit The Page - Hit Counter | 2024-11-21 | N/A | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mahlamusa Who Hit The Page – Hit Counter allows SQL Injection. This issue affects Who Hit The Page – Hit Counter: from n/a through 1.4.14.3. |
| CVE-2023-47530 | 1 Wpvibes | 1 Redirect 404 Error Page To Homepage Or Custom Page With Logs | 2024-11-21 | N/A | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection. This issue affects Redirect 404 Error Page to Homepage or Custom Page with Logs: from n/a through 1.8.7. |
| CVE-2023-47506 | 1 Masterslider | 1 Master Slider | 2024-11-21 | N/A | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Master slider Master Slider Pro allows SQL Injection. This issue affects Master Slider Pro: from n/a through 3.6.5. |
| CVE-2023-47445 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2024-11-21 | N/A | 9.8 CRITICAL | Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in preschool/admin/ page. |
| CVE-2023-47438 | | | 2024-11-21 | N/A | 6.5 MEDIUM | SQL Injection vulnerability in Reportico Till 8.1.0 allows attackers to obtain sensitive information or other system information via the project parameter. |
| CVE-2023-47308 | 1 Activedesign | 1 Newsletterpop | 2024-11-21 | N/A | 9.8 CRITICAL | In the module "Newsletter Popup PRO with Voucher/Coupon code" (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method `NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. |
| CVE-2023-47236 | 1 Ipages Flipbook Project | 1 Ipages Flipbook | 2024-11-21 | N/A | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum iPages Flipbook For WordPress. This issue affects iPages Flipbook For WordPress: from n/a through 1.4.8. |
| CVE-2023-47219 | 1 Qnap | 1 Qumagie | 2024-11-21 | N/A | 3.5 LOW | A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later. |
| CVE-2023-47128 | 1 Piccolo-orm | 1 Piccolo | 2024-11-21 | N/A | 9.1 CRITICAL | Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction `savepoints` in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a `savepoints` `name` parameter to a user is highly unlikely, it would not be unheard of. If a malicious user was able to abuse this functionality they would have essentially direct access to the database and the abilit ... |
| CVE-2023-46989 | 1 Innovadeluxe | 1 Quick Order | 2024-11-21 | N/A | 7.8 HIGH | SQL Injection vulnerability in the Innovadeluxe Quick Order module for PrestaShop before v.1.4.0, allows local attackers to execute arbitrary code via the getProducts() function in the productlist.php file. |
| CVE-2023-46981 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list. |
| CVE-2023-46956 | 1 Oretnom23 | 1 Packers And Movers Management System | 2024-11-21 | N/A | 7.2 HIGH | SQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker to execute arbitrary code via crafted payload to the /mpms/admin/?page=user/manage_user&id file. |
| CVE-2023-46954 | 1 Relativity | 1 Relativityone | 2024-11-21 | N/A | 9.8 CRITICAL | SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter. |
| CVE-2023-46914 | 1 Bookingcalendar Project | 1 Bookingcalendar | 2024-11-21 | N/A | 9.8 CRITICAL | SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php. |
| CVE-2023-46821 | 1 Dev4press | 1 Gd Security Headers | 2024-11-21 | N/A | 7.2 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Security Headers allows auth. (admin+) SQL Injection. This issue affects GD Security Headers: from n/a through 1.7. |
| CVE-2023-46800 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-11-21 | N/A | 9.8 CRITICAL | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the view_profile.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-46793 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-11-21 | N/A | 9.8 CRITICAL | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'day' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-46789 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-11-21 | N/A | 9.8 CRITICAL | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-46788 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-11-21 | N/A | 9.8 CRITICAL | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter in the 'uploadphoto()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-46787 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-11-21 | N/A | 9.8 CRITICAL | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-46785 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-11-21 | N/A | 9.8 CRITICAL | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partner_preference.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-46727 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 8.6 HIGH | GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory. |
| CVE-2023-46700 | 1 Luxsoft | 1 Luxcal Web Calendar | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information stored in the database. |