Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-28787 | | | 2024-11-21 | N/A | 9.3 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master. This issue affects Quiz And Survey Master: from n/a through 8.1.4. |
| CVE-2023-28777 | 1 Learndash | 1 Learndash | 2024-11-21 | N/A | 8.8 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LearnDash LearnDash LMS allows SQL Injection. This issue affects LearnDash LMS: from n/a through 4.5.3. |
| CVE-2023-28748 | 1 Appjetty | 1 Copy Or Move Comments | 2024-11-21 | N/A | 9.8 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection. This issue affects Copy or Move Comments: from n/a through 5.0.4. |
| CVE-2023-28701 | 1 Elite | 1 Webfax | 2024-11-21 | N/A | 9.8 CRITICAL | ELITE TECHNOLOGY CORP. Web Fax has an SQL Injection vulnerability. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service. |
| CVE-2023-28661 | 1 Accesspressthemes | 1 Wp Popup Banners | 2024-11-21 | N/A | 8.8 HIGH | The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action. |
| CVE-2023-28660 | 1 E-dynamics | 1 Events Made Easy | 2024-11-21 | N/A | 8.8 HIGH | The Events Made Easy WordPress Plugin, version <= 2.3.14, is affected by an authenticated SQL injection vulnerability in the 'search_name' parameter in the eme_recurrences_list action. |
| CVE-2023-28491 | 1 Tribulant | 1 Slideshow Gallery | 2024-11-21 | N/A | 6.7 MEDIUM | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE. This issue affects Slideshow Gallery LITE: from n/a through 1.7.6. |
| CVE-2023-28438 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 6.2 MEDIUM | Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries, and given that this endpoint uses the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user into clicking a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually. |
| CVE-2023-28437 | 1 Dataease | 1 Dataease | 2024-11-21 | N/A | 9.8 CRITICAL | Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds. |
| CVE-2023-28329 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 8.8 HIGH | Insufficient validation of the profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers). |
| CVE-2023-28108 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 7.9 HIGH | Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in the UUID DAO model. There is a theoretical possibility to inject custom SQL if the developer uses these methods with input data without doing proper input validation in advance, relying instead on the auto-quoting done by the DAO class. Users should update to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually. |
| CVE-2023-28019 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | N/A | 5.5 MEDIUM | Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. |
| CVE-2023-27847 | 1 Xipblog Project | 1 Xipblog | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and before allows a remote attacker to gain privileges via the xipcategoryclass and xippostsclass components. |
| CVE-2023-27846 | 1 Themevolty | 1 Theme Volty Cms Blog | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allows a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon and tvcmstestimonial components. |
| CVE-2023-27845 | 1 Kerawen | 1 Omnichannel Stocks | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allows a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo and KerawenHelper::resetCheckoutSessionData components. |
| CVE-2023-27610 | 1 Transbank | 1 Transbank Webpay Rest | 2024-11-21 | N/A | 5.5 MEDIUM | Auth. (admin+) SQL Injection (SQLi) vulnerability in TransbankDevelopers Transbank Webpay REST plugin versions <= 1.6.6. |
| CVE-2023-27605 | 1 Wp Reroute Email Project | 1 Wp Reroute Email | 2024-11-21 | N/A | 9.8 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection. This issue affects WP Reroute Email: from n/a through 1.4.6. |
| CVE-2023-27463 | 1 Siemens | 1 Ruggedcom Crossbow | 2024-11-21 | N/A | 8.8 HIGH | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database. |
| CVE-2023-27411 | 1 Siemens | 1 Ruggedcom Crossbow | 2024-11-21 | N/A | 8.8 HIGH | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected application is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database and escalate privileges. |
| CVE-2023-27262 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL | Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. |
| CVE-2023-27260 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL | Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. |
| CVE-2023-27255 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL | Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. |
| CVE-2023-27254 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL | Unauthenticated SQL injection in the GetRoomChanges method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. |
| CVE-2023-27214 | 1 Online Student Management System Project | 1 Online Student Management System | 2024-11-21 | N/A | 9.8 CRITICAL | Online Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the fromdate and todate parameters at /eduauth/student/between-date-reprtsdetails.php. |
| CVE-2023-27213 | 1 Online Student Management System Project | 1 Online Student Management System | 2024-11-21 | N/A | 9.8 CRITICAL | Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php. |
| CVE-2023-27210 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL | Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php. |
| CVE-2023-27207 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL | Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. |
| CVE-2023-27205 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2024-11-21 | N/A | 9.8 CRITICAL | Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php. |
| CVE-2023-27204 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2024-11-21 | N/A | 9.8 CRITICAL | Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php. |
| CVE-2023-27074 | 1 Phpgurukul | 1 Bp Monitoring Management System | 2024-11-21 | N/A | 9.8 CRITICAL | BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page. |
| CVE-2023-27037 | 1 Qibosoft | 1 Qibocms | 2024-11-21 | N/A | 8.8 HIGH | Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php. |
| CVE-2023-27034 | 1 Joommasters | 1 Jms Blog | 2024-11-21 | N/A | 9.8 CRITICAL | PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability. |
| CVE-2023-26959 | 1 Phpgurukul | 1 Park Ticketing Management System | 2024-11-21 | N/A | 9.8 CRITICAL | Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter. |
| CVE-2023-26861 | 1 Vivawallet | 1 Viva Wallet | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attacker to gain privileges via the vivawallet() module. |
| CVE-2023-26859 | 1 Brevo | 1 Brevo | 2024-11-21 | N/A | 9.8 CRITICAL | SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allows a remote attacker to gain privileges via the ajaxOrderTracking.php component. |
| CVE-2023-26784 | 1 Tosec | 1 Kirin Fortress Machine | 2024-11-21 | N/A | 9.8 CRITICAL | SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020-0610 allows attackers to execute arbitrary code via the /admin.php?controller=admin_commonuser parameter. |
| CVE-2023-26780 | 1 Yf-exam Project | 1 Yf-exam | 2024-11-21 | N/A | 9.8 CRITICAL | CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection. |
| CVE-2023-26584 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL | Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. |
| CVE-2023-26583 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL | Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. |
| CVE-2023-26582 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL | Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. |