Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45379 | 1 Posthemes | 1 Posrotatorimg | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection.
|
|||||
| CVE-2023-45378 | 1 Hdclic | 1 Prestablog | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In the module "PrestaBlog" (prestablog) version 4.4.7 and before from HDclic for PrestaShop, a guest can perform SQL injection. The script ajax slider_positions.php has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection.
|
|||||
| CVE-2023-45376 | 1 Hipresta | 1 Carousels Pack | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via `HiCpProductGetter::getViewedProduct()`.
|
|||||
| CVE-2023-45375 | 1 01generator | 1 Pireospay | 2024-11-21 | N/A | 8.8 HIGH |
|
In the module "PireosPay" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via `PireosPayValidationModuleFrontController::postProcess()`.
|
|||||
| CVE-2023-45347 | 1 Projectworlds | 1 Online Food Ordering Script | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45346 | 1 Projectworlds | 1 Online Food Ordering Script | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45345 | 1 Projectworlds | 1 Online Food Ordering Script | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45344 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45343 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticket_id' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45342 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45341 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45340 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45338 | 1 Projectworlds | 1 Online Food Ordering Script | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45336 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45334 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45325 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45323 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45111 | 1 Online Examination System Project | 1 Online Examination System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45055 | 1 Inspireui | 1 Mstore Api | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL Injection. This issue affects MStore API: from n/a through 4.0.6.
|
|||||
| CVE-2023-45046 | 1 Pressference | 1 Pressference Exporter | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressference Pressference Exporter allows SQL Injection. This issue affects Pressference Exporter: from n/a through 1.0.3.
|
|||||
| CVE-2023-45019 | 1 Online Bus Booking System Project | 1 Online Bus Booking System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45018 | 1 Online Bus Booking System Project | 1 Online Bus Booking System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45015 | 1 Online Bus Booking System Project | 1 Online Bus Booking System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'date' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45012 | 1 Online Bus Booking System Project | 1 Online Bus Booking System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user_email' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45001 | 1 Castos | 1 Seriously Simple Stats | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Castos Seriously Simple Stats allows SQL Injection. This issue affects Seriously Simple Stats: from n/a through 1.5.0.
|
|||||
| CVE-2023-44961 | 1 Koha-community | 1 Koha Library Software | 2024-11-21 | N/A | 7.5 HIGH |
|
SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl component.
|
|||||
| CVE-2023-44694 | 1 Dlink | 2 Dar-7000, Dar-7000 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /log/mailrecvview.php.
|
|||||
| CVE-2023-44693 | 1 Dlink | 2 Dar-7000, Dar-7000 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /importexport.php.
|
|||||
| CVE-2023-44482 | 1 Projectworlds | 1 Leave Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-44481 | 1 Projectworlds | 1 Leave Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-44480 | 1 Projectworlds | 1 Leave Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-44294 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | N/A | 5.4 MEDIUM |
|
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database.
|
|||||
| CVE-2023-44293 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | N/A | 5.4 MEDIUM |
|
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database.
|
|||||
| CVE-2023-44284 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized read access to application data.
|
|||||
| CVE-2023-44267 | 1 Projectworlds | 1 Online Art Gallery | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-44166 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-44164 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-44163 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-44088 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774.
|
|||||
| CVE-2023-44044 | 1 Superstorefinder | 1 Super Store Finder | 2024-11-21 | N/A | 7.2 HIGH |
|
Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at /admin/stores.php.
|
|||||