Search Results (37314 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-1360 1 Employee Payslip Generator System Project 1 Employee Payslip Generator System 2025-02-27 4.7 Medium
A vulnerability was found in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 and classified as critical. This issue affects some unknown processing of the file classes/Users.php?f=save of the component New User Creation. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222863.
CVE-2023-1361 1 Bumsys Project 1 Bumsys 2025-02-27 6.5 Medium
SQL Injection in GitHub repository unilogies/bumsys prior to v2.0.2.
CVE-2023-1368 1 Xhcms Project 1 Xhcms 2025-02-27 7.3 High
A vulnerability was found in XHCMS 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php of the component POST Parameter Handler. The manipulation of the argument user leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222874 is the identifier assigned to this vulnerability.
CVE-2023-27310 1 Siemens 1 Ruggedcom Crossbow 2025-02-27 6.6 Medium
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts.
CVE-2023-27463 1 Siemens 1 Ruggedcom Crossbow 2025-02-27 8.8 High
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database.
CVE-2023-25615 1 Sap 1 Abap Platform 2025-02-27 6.8 Medium
Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application.
CVE-2024-3226 1 Campcodes 1 Online Patient Record Management System 2025-02-27 7.3 High
A vulnerability was found in Campcodes Online Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259071.
CVE-2023-26905 1 Alphaware - Simple E-commerce System Project 1 Alphaware - Simple E-commerce System 2025-02-27 9.8 Critical
An issue was discovered in Alphaware - Simple E-Commerce System v1.0. There is a SQL injection that can directly issue instructions to the background database system via /alphaware/details.php?id.
CVE-2023-1541 1 Answer 1 Answer 2025-02-27 3.8 Low
Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-27462 1 Siemens 1 Ruggedcom Crossbow 2025-02-27 3.1 Low
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for.
CVE-2023-1296 1 Hashicorp 1 Nomad 2025-02-27 2.7 Low
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1.
CVE-2023-1299 1 Hashicorp 1 Nomad 2025-02-27 7.4 High
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1.
CVE-2023-25206 1 Prestashop 1 Advanced Reviews 2025-02-27 8.8 High
PrestaShop ws_productreviews < 3.6.2 is vulnerable to SQL Injection.
CVE-2023-25594 1 Arubanetworks 1 Clearpass Policy Manager 2025-02-27 6.3 Medium
A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of this vulnerability allows an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform.
CVE-2023-27309 1 Siemens 1 Ruggedcom Crossbow 2025-02-27 5 Medium
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions.
CVE-2024-25574 1 Deltaww 1 Diaenergie 2025-02-27 8.8 High
SQL injection vulnerability exists in GetDIAE_usListParameters.
CVE-2025-0491 1 Fanli2012 1 Native-php-cms 2025-02-27 6.3 Medium
A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. Affected is an unknown function of the file /fladmin/cat_dodel.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-5454 1 Templately 1 Templately 2025-02-26 7.5 High
The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts.
CVE-2023-5352 1 Getawesomesupport 1 Awesome Support 2025-02-26 4.3 Medium
The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission.
CVE-2023-5082 1 Click5interactive 1 Sitemap By Click5 2025-02-26 7.2 High
The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it.