Search Results (37078 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-6310 1 Razormist 1 Loan Management System 2024-11-21 4.7 Medium
A vulnerability has been found in SourceCodester Loan Management System 1.0 and classified as critical. This vulnerability affects the function delete_borrower of the file deleteBorrower.php. The manipulation of the argument borrower_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246136.
CVE-2023-6306 1 Mayurik 1 Free And Open Source Inventory Management System 2024-11-21 6.3 Medium
A vulnerability classified as critical has been found in SourceCodester Free and Open Source Inventory Management System 1.0. Affected is an unknown function of the file /ample/app/ajax/member_data.php. The manipulation of the argument columns leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246132.
CVE-2023-6305 1 Mayurik 1 Free And Open Source Inventory Management System 2024-11-21 6.3 Medium
A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file ample/app/ajax/suppliar_data.php. The manipulation of the argument columns leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246131.
CVE-2023-6097 1 Icssolution 1 Ics Business Manager 2024-11-21 9.4 Critical
A SQL injection vulnerability has been found in ICS Business Manager, affecting version 7.06.0028.7089. This vulnerability could allow a remote user to send a specially crafted SQL query and retrieve all the information stored in the database. The data could also be modified or deleted, causing the application to malfunction.
CVE-2023-6084 1 Tongda2000 1 Tongda Office Anywhere 2024-11-21 6.3 Medium
A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/vehicle/checkup/delete.php. The manipulation of the argument VU_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-244994 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-6063 1 Wpfastestcache 1 Wp Fastest Cache 2024-11-21 7.5 High
The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
CVE-2023-6054 1 Tongda2000 1 Tongda Office Anywhere 2024-11-21 5.5 Medium
A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/manage/lock.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244875. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-6053 1 Tongda2000 1 Tongda Office Anywhere 2024-11-21 6.3 Medium
A vulnerability, which was classified as critical, has been found in Tongda OA 2017 up to 11.9. Affected by this issue is some unknown functionality of the file general/system/censor_words/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-244874 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-6045 1 Openatom 1 Openharmony 2024-11-21 5.9 Medium
in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion.
CVE-2023-6038 1 H2o 1 H2o 2024-11-21 7.5 High
A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. The vulnerability can be exploited by making specific GET or POST requests to the ImportFiles and ParseSetup endpoints, respectively. This issue was identified in version 3.40.0.4 of h2o-3.
CVE-2023-6035 1 Spider-themes 1 Eazydocs 2024-11-21 8.8 High
The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks.
CVE-2023-6020 1 Ray Project 1 Ray 2024-11-21 7.5 High
LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.
CVE-2023-6017 1 H2o 1 H2o 2024-11-21 7.1 High
H2O included a reference to an S3 bucket that no longer existed allowing an attacker to take over the S3 bucket URL.
CVE-2023-6001 1 Yugabyte 1 Yugabytedb 2024-11-21 5.3 Medium
Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment.
CVE-2023-5949 1 Wpmudev 1 Smartcrawl 2024-11-21 7.5 High
The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content.
CVE-2023-5862 1 Hamza417 1 Inure 2024-11-21 3.3 Low
Missing Authorization in GitHub repository hamza417/inure prior to Build95.
CVE-2023-5836 1 Task Reminder System Project 1 Task Reminder System 2024-11-21 6.3 Medium
A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-243800.
CVE-2023-5828 1 Ontall 1 Longxing Industrial Development Zone Project 2024-11-21 7.3 High
A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the argument tbxUserName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243727.
CVE-2023-5826 1 Netentsec 1 Application Security Gateway 2024-11-21 5.5 Medium
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_onlineuser.php. The manipulation of the argument SessionId leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243716. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.
CVE-2023-5814 1 Oretnom23 1 Task Reminder System 2024-11-21 6.3 Medium
A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=save_reminder. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-243645 was assigned to this vulnerability.