Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-44025 | 1 Addify | 1 Free Gifts | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the getrulebyid function in the AddifyfreegiftsModel.php component. |
| CVE-2023-44024 | 1 Knowband | 1 One Page Checkout, Social Login & Mailchimp | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component. |
| CVE-2023-43986 | 1 Dmconcept | 1 Configurator | 2024-11-21 | N/A | 9.8 CRITICAL | DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken. |
| CVE-2023-43983 | 1 Presto-changeo | 1 Attribute Grid | 2024-11-21 | N/A | 9.8 CRITICAL | Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php. |
| CVE-2023-43980 | 1 Presto-changeo | 1 Testsitecreator | 2024-11-21 | N/A | 9.8 CRITICAL | Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php. |
| CVE-2023-43979 | 1 Prestahero | 1 Ybc Blog | 2024-11-21 | N/A | 9.8 CRITICAL | ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts(). |
| CVE-2023-43909 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | N/A | 9.1 CRITICAL | Hospital Management System thru commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php. |
| CVE-2023-43899 | 1 Hansuncms Project | 1 Hansuncms | 2024-11-21 | N/A | 9.8 CRITICAL | hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx. |
| CVE-2023-43836 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | N/A | 6.5 MEDIUM | There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information. |
| CVE-2023-43813 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 6.5 MEDIUM | GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue. |
| CVE-2023-43739 | 1 Online Book Store Project Project | 1 Online Book Store Project | 2024-11-21 | N/A | 9.8 CRITICAL | The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-43640 | 1 Speciesfilegroup | 1 Taxonworks | 2024-11-21 | N/A | 6.5 MEDIUM | TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table). This issue may lead to information disclosure. Version 0.34.0 contains a fix for the issue. |
| CVE-2023-43507 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | N/A | 7.2 HIGH | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster. |
| CVE-2023-43470 | 1 Janobe | 1 Online Voting System | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component. |
| CVE-2023-43469 | 1 Online Job Portal Project | 1 Online Job Portal | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the ForPass.php component. |
| CVE-2023-43468 | 1 Online Job Portal Project | 1 Online Job Portal | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the login.php component. |
| CVE-2023-43381 | 1 Tianchoy | 1 Blog | 2024-11-21 | N/A | 7.5 HIGH | SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in the login.php. |
| CVE-2023-43377 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | N/A | 5.4 MEDIUM | A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter. |
| CVE-2023-43375 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | N/A | 9.8 CRITICAL | Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters. |
| CVE-2023-43374 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | N/A | 9.8 CRITICAL | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. |
| CVE-2023-43373 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | N/A | 9.8 CRITICAL | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php. |
| CVE-2023-43371 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | N/A | 9.8 CRITICAL | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php. |
| CVE-2023-43274 | 1 Phpjabbers | 1 Php Shopping Cart | 2024-11-21 | N/A | 7.5 HIGH | Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter. |
| CVE-2023-43192 | 1 Jrecms | 1 Springbootcms | 2024-11-21 | N/A | 8.8 HIGH | SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement. |
| CVE-2023-43144 | 1 Projectworlds | 1 Asset Management System Project In Php | 2024-11-21 | N/A | 9.8 CRITICAL | Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php. |
| CVE-2023-43132 | 1 Szvone | 1 Vmqphp | 2024-11-21 | N/A | 6.5 MEDIUM | szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remote users can use sql injection attacks to obtain the hash of the administrator password. |
| CVE-2023-43014 | 1 Projectworlds | 1 Asset Management System | 2024-11-21 | N/A | 8.8 HIGH | Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents. |
| CVE-2023-43013 | 1 Projectworlds | 1 Asset Management System | 2024-11-21 | N/A | 9.8 CRITICAL | Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. |
| CVE-2023-42660 | 1 Progress | 1 Moveit Transfer | 2024-11-21 | N/A | 8.8 HIGH | In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content. |
| CVE-2023-42461 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 6.5 MEDIUM | GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. |
| CVE-2023-42406 | 1 Dlink | 2 Dar-7000, Dar-7000 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component. |
| CVE-2023-42405 | 1 Fit2cloud | 1 Rackshift | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary code via the `sort` parameter to taskService.list(), bareMetalService.list(), and switchService.list(). |
| CVE-2023-42359 | 1 Exam Form Submission In Php With Source Code Project | 1 Exam Form Submission In Php With Source Code | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php. |
| CVE-2023-42284 | 1 Tyk | 1 Tyk | 2024-11-21 | N/A | 9.8 CRITICAL | Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query. |
| CVE-2023-42283 | 1 Tyk | 1 Tyk | 2024-11-21 | N/A | 9.8 CRITICAL | Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query. |
| CVE-2023-42279 | 1 Iteachyou | 1 Dreamer Cms | 2024-11-21 | N/A | 9.8 CRITICAL | Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form. |
| CVE-2023-42268 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | N/A | 9.8 CRITICAL | Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show. |
| CVE-2023-41891 | 1 Flyte | 1 Flyteadmin | 2024-11-21 | N/A | 3.5 LOW | FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue. |
| CVE-2023-41887 | 1 Openrefine | 1 Openrefine | 2024-11-21 | N/A | 9.8 CRITICAL | OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue. |
| CVE-2023-41886 | 1 Openrefine | 1 Openrefine | 2024-11-21 | N/A | 7.5 HIGH | OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue. |