Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41685 | 1 Ilghera | 1 Woocommerce Support System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ilGhera Woocommerce Support System allows SQL Injection.This issue affects Woocommerce Support System: from n/a through 1.2.1.
|
|||||
| CVE-2023-41652 | 1 Carrcommunications | 1 Rsvpmaker | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6.
|
|||||
| CVE-2023-41640 | 1 Grupposcai | 1 Realgimm | 2024-11-21 | N/A | 8.8 HIGH |
|
An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query.
|
|||||
| CVE-2023-41636 | 1 Grupposcai | 1 Realgimm | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query.
|
|||||
| CVE-2023-41623 | 1 Emlog | 1 Emlog | 2024-11-21 | N/A | 7.2 HIGH |
|
Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php.
|
|||||
| CVE-2023-41615 | 1 Phpgurukul | 1 Zoo Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page via the username and password fields.
|
|||||
| CVE-2023-41594 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2024-11-21 | N/A | 7.5 HIGH |
|
Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters.
|
|||||
| CVE-2023-41543 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | N/A | 9.8 CRITICAL |
|
SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check.
|
|||||
| CVE-2023-41542 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | N/A | 9.8 CRITICAL |
|
SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.
|
|||||
| CVE-2023-41539 | 1 Phpjabbers | 1 Business Directory Script | 2024-11-21 | N/A | 7.5 HIGH |
|
phpjabbers Business Directory Script 3.2 is vulnerable to SQL Injection via the column parameter.
|
|||||
| CVE-2023-41507 | 1 Superstorefinder | 1 Super Store Finder | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters.
|
|||||
| CVE-2023-41443 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | N/A | 7.2 HIGH |
|
SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sys/menu/list.
|
|||||
| CVE-2023-41387 | 2 Apple, Patreon | 2 Iphone Os, Flutter Downloader | 2024-11-21 | N/A | 9.1 CRITICAL |
|
A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and LSSupportsOpeningDocumentsInPlace properties. As a result, local users can obtain the same attack primitives as remote attackers by tampering with the internal database of the framework on the device.
|
|||||
| CVE-2023-41364 | 1 Metaways | 1 Tine | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection.
|
|||||
| CVE-2023-41328 | 1 Frappe | 1 Frappe | 2024-11-21 | N/A | 4.2 MEDIUM |
|
Frappe is a low code web framework written in Python and Javascript. A SQL Injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive information. This issue has been addressed in versions 13.46.1 and 14.20.0. Users are advised to upgrade. There's no workaround to fix this without upgrading.
|
|||||
| CVE-2023-41320 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 8.1 HIGH |
|
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be use to takeover an administrator account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2023-41287 | 1 Qnap | 1 Video Station | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Video Station 5.7.2 ( 2023/11/23 ) and later
|
|||||
| CVE-2023-41285 | 1 Qnap | 1 Qumagie | 2024-11-21 | N/A | 7.4 HIGH |
|
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.1.4 and later
|
|||||
| CVE-2023-41284 | 1 Qnap | 1 Qumagie | 2024-11-21 | N/A | 7.4 HIGH |
|
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.1.4 and later
|
|||||
| CVE-2023-41262 | 1 Plixer | 1 Scrutinizer | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application's backend database server.
|
|||||
| CVE-2023-40989 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | N/A | 9.8 CRITICAL |
|
SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.
|
|||||
| CVE-2023-40970 | 1 Slims | 1 Senayan Library Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php.
|
|||||
| CVE-2023-40958 | 1 Didotech | 1 Engineering \& Lifecycle Management | 2024-11-21 | N/A | 8.8 HIGH |
|
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/base_client.py component.
|
|||||
| CVE-2023-40957 | 1 Didotech | 1 Engineering \& Lifecycle Management | 2024-11-21 | N/A | 8.8 HIGH |
|
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the request parameter in models/base_client.py component.
|
|||||
| CVE-2023-40956 | 1 Cloudroits | 1 Wesite Job Search | 2024-11-21 | N/A | 8.8 HIGH |
|
A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component.
|
|||||
| CVE-2023-40955 | 1 Didotech | 1 Engineering \& Lifecycle Management | 2024-11-21 | N/A | 8.8 HIGH |
|
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/base_client.py component.
|
|||||
| CVE-2023-40954 | 1 Gmarczynski | 1 Dynamic Progress Bar | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component.
|
|||||
| CVE-2023-40946 | 1 Schoolmate Project | 1 Schoolmate | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Schoolmate 1.3 is vulnerable to SQL Injection in the variable $username from SESSION in ValidateLogin.php.
|
|||||
| CVE-2023-40945 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php.
|
|||||
| CVE-2023-40944 | 1 Schoolmate Project | 1 Schoolmate | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Schoolmate 1.3 is vulnerable to SQL Injection in the variable $schoolname from Database at ~\header.php.
|
|||||
| CVE-2023-40934 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A | 7.2 HIGH |
|
A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings.
|
|||||
| CVE-2023-40933 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A | 8.8 HIGH |
|
A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.
|
|||||
| CVE-2023-40931 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php
|
|||||
| CVE-2023-40922 | 1 Kerawen | 1 Kerawen | 2024-11-21 | N/A | 9.8 CRITICAL |
|
kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent().
|
|||||
| CVE-2023-40921 | 1 Common-services | 1 Soliberte | 2024-11-21 | N/A | 9.8 CRITICAL |
|
SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters.
|
|||||
| CVE-2023-40920 | 1 Prixan | 1 Prixanconnect | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts().
|
|||||
| CVE-2023-40852 | 1 User Registration \& Login And User Management System With Admin Panel Project | 1 User Registration \& Login And User Management System With Admin Panel | 2024-11-21 | N/A | 9.8 CRITICAL |
|
SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via crafted string in the admin user name field on the admin log in page.
|
|||||
| CVE-2023-40787 | 1 Bladex | 1 Springblade | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.
|
|||||
| CVE-2023-40771 | 1 Dataease | 1 Dataease | 2024-11-21 | N/A | 7.5 HIGH |
|
SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function.
|
|||||
| CVE-2023-40749 | 1 Phpjabbers | 1 Food Delivery Script | 2024-11-21 | N/A | 9.8 CRITICAL |
|
PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the "column" parameter of index.php.
|
|||||