Search Results (37314 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-24774 1 Funadmin 1 Funadmin 2025-02-28 9.8 Critical
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php.
CVE-2023-1301 1 Friendly Island Pizza Website And Ordering System Project 1 Friendly Island Pizza Website And Ordering System 2025-02-28 6.3 Medium
A vulnerability, which was classified as critical, has been found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Affected by this issue is some unknown functionality of the file deleteorder.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222662 is the identifier assigned to this vulnerability.
CVE-2024-23675 1 Splunk 2 Cloud, Splunk 2025-02-28 6.5 Medium
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.
CVE-2024-36995 1 Splunk 2 Splunk, Splunk Cloud Platform 2025-02-28 4.3 Medium
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.
CVE-2024-45732 1 Splunk 3 Splunk, Splunk Cloud Platform, Splunk Enterprise 2025-02-28 7.1 High
In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data.
CVE-2024-36990 1 Splunk 2 Splunk, Splunk Cloud Platform 2025-02-28 6.5 Medium
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service.
CVE-2025-1173 1 1000projects 1 Bookstore Management System 2025-02-28 4.7 Medium
A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0. This affects an unknown part of the file process_users_del.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely.
CVE-2025-1172 1 1000projects 1 Bookstore Management System 2025-02-28 6.3 Medium
A vulnerability, which was classified as critical, has been found in 1000 Projects Bookstore Management System 1.0. Affected by this issue is some unknown functionality of the file addtocart.php. The manipulation of the argument bcid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0562 1 Codezips 1 Gym Management System 2025-02-28 6.3 Medium
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/health_status_entry.php. The manipulation of the argument usrid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0564 1 Anisha 1 Fantasy-cricket 2025-02-28 7.3 High
A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /authenticate.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0563 1 Anisha 1 Fantasy-cricket 2025-02-28 6.3 Medium
A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been classified as critical. Affected is an unknown function of the file /dash/update.php. The manipulation of the argument uname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-27052 1 Moosikay Project 1 Moosikay 2025-02-27 9.8 Critical
E-Commerce System v1.0 ws discovered to contain a SQL injection vulnerability via the id parameter at /admin/delete_user.php.
CVE-2023-27411 1 Siemens 1 Ruggedcom Crossbow 2025-02-27 8.8 High
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications is vulnerable to SQL injection. This could allow an authenticated remote attackers to execute arbitrary SQL queries on the server database and escalate privileges.
CVE-2023-37372 1 Siemens 1 Ruggedcom Crossbow 2025-02-27 9.8 Critical
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications is vulnerable to SQL injection. This could allow an unauthenticated remote attackers to execute arbitrary SQL queries on the server database.
CVE-2023-38209 1 Adobe 1 Commerce 2025-02-27 6.5 Medium
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.
CVE-2023-38234 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2025-02-27 7.8 High
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-1311 1 Friendly Island Pizza Website And Ordering System Project 1 Friendly Island Pizza Website And Ordering System 2025-02-27 6.3 Medium
A vulnerability, which was classified as critical, was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. This affects an unknown part of the file large.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222699.
CVE-2023-0083 1 Openatom 1 Openharmony 2025-02-27 4 Medium
The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to crash.
CVE-2023-28564 1 Qualcomm 498 Aqt1000, Aqt1000 Firmware, Ar8031 and 495 more 2025-02-27 7.8 High
Memory corruption in WLAN HAL while passing command parameters through WMI interfaces.
CVE-2023-29245 1 Nozominetworks 2 Cmc, Guardian 2025-02-27 8.1 High
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets. Malicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability.