Search Results (37213 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-2410 1 Oretnom23 1 Ac Repair And Services System 2025-01-30 6.3 Medium
A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/bookings/view_booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227704.
CVE-2023-2420 1 Mlecms 1 Mlecms 2025-01-30 6.3 Medium
A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227717 was assigned to this vulnerability.
CVE-2023-31433 1 Evasys 1 Evasys 2025-01-30 8.8 High
A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allows authenticated attackers to execute SQL statements via the welche parameter.
CVE-2023-30467 1 Milesight 40 Ms-n1004-uc, Ms-n1004-uc Firmware, Ms-n1004-upc and 37 more 2025-01-30 7.5 High
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device. Successful exploitation of this vulnerability could allow remote attacker to perform unauthorized activities on the targeted device.
CVE-2023-2367 1 Faculty Evaluation System Project 1 Faculty Evaluation System 2025-01-30 4.7 Medium
A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/manage_academic.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227643.
CVE-2022-47874 1 Jedox 2 Cloud, Jedox 2025-01-30 6.5 Medium
Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class 'com.jedox.etl.mngr.Connections' and method 'getGlobalConnection'.
CVE-2024-4609 1 Rockwellautomation 1 Factorytalk View 2025-01-30 9.8 Critical
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime.
CVE-2024-2646 1 Netentsec 1 Application Security Gateway 2025-01-30 6.3 Medium
A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /vpnweb/index.php?para=index. The manipulation of the argument check_VirtualSiteId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257284. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-31435 1 Evasys 1 Evasys 2025-01-30 8.1 High
Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews) in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow authenticated attackers to read and write to unauthorized data by accessing functions directly.
CVE-2023-1730 1 Supportcandy 1 Supportcandy 2025-01-30 9.8 Critical
The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks
CVE-2023-1383 2 Amazon, Bestbuy 3 Fire Os, Fire Tv Stick 3rd Gen, Insignia Tv 2025-01-30 5.4 Medium
An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3.
CVE-2023-1384 2 Amazon, Bestbuy 3 Fire Os, Fire Tv Stick 3rd Gen, Insignia Tv 2025-01-30 4.3 Medium
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3.
CVE-2024-3621 1 Mayurik 1 Advocate Office Management System 2025-01-30 4.7 Medium
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. This affects an unknown part of the file /control/register_case.php. The manipulation of the argument title/case_no/client_name/court/case_type/case_stage/legel_acts/description/filling_date/hearing_date/opposite_lawyer/total_fees/unpaid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260277 was assigned to this vulnerability.
CVE-2024-34032 1 Deltaww 1 Diaenergie 2025-01-30 8.8 High
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.
CVE-2024-34031 1 Deltaww 1 Diaenergie 2025-01-30 8.8 High
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.
CVE-2023-30203 1 Judging Management System Project 1 Judging Management System 2025-01-29 9.8 Critical
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php.
CVE-2023-30092 1 Online Pizza Ordering System Project 1 Online Pizza Ordering System 2025-01-29 9.8 Critical
SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL Injection via the QTY parameter.
CVE-2024-51532 1 Dell 12 Powerstore 1000t, Powerstore 1200t, Powerstore 3000t and 9 more 2025-01-29 7.1 High
Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.
CVE-2024-37204 1 Wp-property-hive 1 Propertyhive 2025-01-29 4.3 Medium
Missing Authorization vulnerability in PropertyHive PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through 2.0.9.
CVE-2023-30077 1 Judging Management System Project 1 Judging Management System 2025-01-29 9.8 Critical
Judging Management System v1.0 by oretnom23 was discovered to vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id.