Search Results (37044 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-39122 1 Bmc 1 Control-m 2024-11-21 9.8 Critical
BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200).
CVE-2023-39121 1 Emlog 1 Emlog 2024-11-21 7.2 High
emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php.
CVE-2023-39073 1 Voltronicpower 1 Snmp Web Pro 2024-11-21 9.8 Critical
An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain senstive information via a crafted request.
CVE-2023-38992 1 Jeecg 1 Jeecg Boot 2024-11-21 9.8 Critical
jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData.
CVE-2023-38989 1 Jeesite 1 Jeesite 2024-11-21 4.3 Medium
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information.
CVE-2023-38958 1 Zkteco 1 Bioaccess Ivs 2024-11-21 5.3 Medium
An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request.
CVE-2023-38954 1 Zkteco 1 Bioaccess Ivs 2024-11-21 9.8 Critical
ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability.
CVE-2023-38916 1 Mohammad-ajazuddin 1 Evotingsystem-php 2024-11-21 8.8 High
SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields.
CVE-2023-38912 1 Superstorefinder 1 Php Script 2024-11-21 9.8 Critical
SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter.
CVE-2023-38905 1 Jeecg 1 Jeecg Boot 2024-11-21 5.5 Medium
SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions.
CVE-2023-38899 1 Berkaygediz 1 O Blog 2024-11-21 7.8 High
SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component.
CVE-2023-38891 1 Vtiger 1 Vtiger Crm 2024-11-21 8.8 High
SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php.
CVE-2023-38870 1 Economizzer 1 Economizzer 2024-11-21 9.8 Critical
A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is vulnerable to SQL Injection.
CVE-2023-38839 1 Kidus 1 Minimati 2024-11-21 7.5 High
SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via theID parameter in the fulldelete.php component.
CVE-2023-38838 1 Kiduswb 1 Minimati 2024-11-21 7.5 High
SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via the edit.php component.
CVE-2023-38825 2024-11-21 9.8 Critical
SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php.
CVE-2023-38773 1 Churchcrm 1 Churchcrm 2024-11-21 7.5 High
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php.
CVE-2023-38771 1 Churchcrm 1 Churchcrm 2024-11-21 7.5 High
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php.
CVE-2023-38770 1 Churchcrm 1 Churchcrm 2024-11-21 7.5 High
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php.
CVE-2023-38769 1 Churchcrm 1 Churchcrm 2024-11-21 7.5 High
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php.