Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46679 | 1 Projectworlds | 1 Online Job Portal | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname_email' parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-46677 | 1 Projectworlds | 1 Online Job Portal | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname' parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-46584 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint.
|
|||||
| CVE-2023-46582 | 1 Code-projects | 1 Inventory Management | 2024-11-21 | N/A | 7.8 HIGH |
|
SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary SQL commands via the id parameter in the deleteProduct.php component.
|
|||||
| CVE-2023-46581 | 1 Code-projects | 1 Inventory Management | 2024-11-21 | N/A | 5.5 MEDIUM |
|
SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary code via the name, uname and email parameters in the registration.php component.
|
|||||
| CVE-2023-46575 | 1 Layer5 | 1 Meshery | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter.
|
|||||
| CVE-2023-46490 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A | 6.5 MEDIUM |
|
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.
|
|||||
| CVE-2023-46482 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | N/A | 9.8 CRITICAL |
|
SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.
|
|||||
| CVE-2023-46435 | 1 Oretnom23 | 1 Packers And Movers Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id.
|
|||||
| CVE-2023-46358 | 1 Snegurka | 1 Referralbyphone | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Method `ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
|
|||||
| CVE-2023-46357 | 1 Myprestamodules | 1 Cross Selling In Modal Cart | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
|
|||||
| CVE-2023-46356 | 1 Blmodules | 1 Csv Feeds Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method `SearchApiCsv::getProducts()` has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.
|
|||||
| CVE-2023-46353 | 1 Mypresta | 1 Product Tag Icons Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
|
|||||
| CVE-2023-46349 | 1 Myprestamodules | 1 Updateproducts | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
|
|||||
| CVE-2023-46348 | 1 Sunnytoo | 1 Sturls | 2024-11-21 | N/A | 9.8 CRITICAL |
|
SQL injection vulnerability in SunnyToo sturls before version 1.1.13 allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods.
|
|||||
| CVE-2023-46347 | 1 Ndkdesign | 1 Ndk Steppingpack | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
|
|||||
| CVE-2023-46097 | 1 Siemens | 1 Simatic Pcs Neo | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database.
|
|||||
| CVE-2023-46084 | 1 Bplugins | 1 Icons Font Loader | 2024-11-21 | N/A | 8.8 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection. This issue affects Icons Font Loader: from n/a through 1.1.2.
|
|||||
| CVE-2023-46025 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2024-11-21 | N/A | 4.9 MEDIUM |
|
SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the 'editid' parameter.
|
|||||
| CVE-2023-46024 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2024-11-21 | N/A | 7.5 HIGH |
|
SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter.
|
|||||
| CVE-2023-46023 | 1 Code-projects | 1 Simple Task List | 2024-11-21 | N/A | 6.5 MEDIUM |
|
SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter.
|
|||||
| CVE-2023-46022 | 1 Code-projects | 1 Blood Bank | 2024-11-21 | N/A | 7.8 HIGH |
|
SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'bid' parameter.
|
|||||
| CVE-2023-46021 | 1 Code-projects | 1 Blood Bank | 2024-11-21 | N/A | 5.5 MEDIUM |
|
SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary commands via the 'reqid' parameter.
|
|||||
| CVE-2023-46018 | 1 Code-projects | 1 Blood Bank | 2024-11-21 | N/A | 5.5 MEDIUM |
|
SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' parameter.
|
|||||
| CVE-2023-46017 | 1 Code-projects | 1 Blood Bank | 2024-11-21 | N/A | 5.5 MEDIUM |
|
SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' and 'rpassword' parameters.
|
|||||
| CVE-2023-46014 | 1 Code-projects | 1 Blood Bank | 2024-11-21 | N/A | 5.5 MEDIUM |
|
SQL Injection vulnerability in hospitalLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'hemail' and 'hpassword' parameters.
|
|||||
| CVE-2023-46007 | 1 Mayurik | 1 Best Courier Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php.
|
|||||
| CVE-2023-46006 | 1 Mayurik | 1 Best Courier Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php.
|
|||||
| CVE-2023-46005 | 1 Mayurik | 1 Best Courier Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php.
|
|||||
| CVE-2023-45996 | 1 Slims | 2 Senayan Library Management System, Senayan Library Management System Bulian | 2024-11-21 | N/A | 8.8 HIGH |
|
SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php.
|
|||||
| CVE-2023-45951 | 1 Lylme | 1 Lylme Spage | 2024-11-21 | N/A | 9.8 CRITICAL |
|
lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php.
|
|||||
| CVE-2023-45830 | 1 Adaplugin | 1 Accessibility Suite By Online Ada | 2024-11-21 | N/A | 8.5 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility Suite by Online ADA: from n/a through 4.12.
|
|||||
| CVE-2023-45826 | 1 Leantime | 1 Leantime | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Leantime is an open source project management system. A 'userId' variable in `app/domain/files/repositories/class.files.php` is not parameterized. An authenticated attacker can send a carefully crafted POST request to `/api/jsonrpc` to exploit an SQL injection vulnerability. Confidentiality is impacted as it allows for dumping information from the database. This issue has been addressed in version 2.4-beta-4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2023-45800 | 1 Hanbiro | 1 Groupware | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation. This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1.
|
|||||
| CVE-2023-45684 | 1 Northern.tech | 1 Cfengine | 2024-11-21 | N/A | 7.5 HIGH |
|
Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub.
|
|||||
| CVE-2023-45674 | 1 Farmbot | 1 Farmbot Web App | 2024-11-21 | N/A | 7.7 HIGH |
|
Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information Disclosure. This issue has been patched in version 15.8.4. Users are advised to upgrade. There are no known workarounds for this issue.
|
|||||
| CVE-2023-45657 | 1 Posimyth | 1 Nexter | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection. This issue affects Nexter: from n/a through 2.0.3.
|
|||||
| CVE-2023-45387 | 1 Myprestamodules | 1 Exportproducts | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb()`.
|
|||||
| CVE-2023-45386 | 1 Mypresta | 1 Product Extra Tabs Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabspro::searchmanufacturer()`.
|
|||||
| CVE-2023-45381 | 1 Webshopworks | 1 Creativepopup | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In the module "Creative Popup" (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection via `cp_download_popup()`.
|
|||||