Search Results (37036 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-31945 1 Online Travel Agency System Project 1 Online Travel Agency System 2024-11-21 7.2 High
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the id parameter at daily_expenditure_edit.php.
CVE-2023-31944 1 Online Travel Agency System Project 1 Online Travel Agency System 2024-11-21 7.2 High
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_edit.php.
CVE-2023-31943 1 Online Travel Agency System Project 1 Online Travel Agency System 2024-11-21 7.2 High
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticket_id parameter at ticket_detail.php.
CVE-2023-31940 1 Online Travel Agency System Project 1 Online Travel Agency System 2024-11-21 7.2 High
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the page_id parameter at article_edit.php.
CVE-2023-31939 1 Online Travel Agency System Project 1 Online Travel Agency System 2024-11-21 7.2 High
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomer_id parameter at customer_edit.php.
CVE-2023-31938 1 Online Travel Agency System Project 1 Online Travel Agency System 2024-11-21 7.2 High
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_detail.php.
CVE-2023-31937 1 Phpgurukul 1 Rail Pass Management System 2024-11-21 7.2 High
Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file.
CVE-2023-31933 1 Phpgurukul 1 Rail Pass Management System 2024-11-21 7.2 High
Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file.
CVE-2023-31932 1 Phpgurukul 1 Rail Pass Management System 2024-11-21 7.2 High
Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file.
CVE-2023-31753 1 Endonesia 1 Endonesia 2024-11-21 9.8 Critical
SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary SQL commands via the "rid=" parameter.
CVE-2023-31719 1 Frangoteam 1 Fuxa 2024-11-21 9.8 Critical
FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.
CVE-2023-31717 1 Frangoteam 1 Fuxa 2024-11-21 7.5 High
A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.
CVE-2023-31714 1 Waqaskanju 1 Chitor-cms 2024-11-21 9.8 Critical
Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities.
CVE-2023-31704 1 Oretnom23 1 Online Computer And Laptop Store 2024-11-21 9.8 Critical
Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role.
CVE-2023-31171 1 Selinc 1 Sel-5030 Acselerator Quickset 2024-11-21 5.9 Medium
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
CVE-2023-31170 1 Selinc 1 Sel-5030 Acselerator Quickset 2024-11-21 5.9 Medium
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
CVE-2023-31168 1 Selinc 1 Sel-5030 Acselerator Quickset 2024-11-21 5.5 Medium
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
CVE-2023-31080 1 Unlimited-elements 1 Unlimited Elements For Elementor 2024-11-21 8.3 High
Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65.
CVE-2023-31038 1 Apache 1 Log4cxx 2024-11-21 8.8 High
SQL injection in Log4cxx when using the ODBC appender to send log messages to a database.  No fields sent to the database were properly escaped for SQL injection.  This has been the case since at least version 0.9.0(released 2003-08-06) Note that Log4cxx is a C++ framework, so only C++ applications are affected. Before version 1.1.0, the ODBC appender was automatically part of Log4cxx if the library was found when compiling the library.  As of version 1.1.0, this must be both explicitly enabled in order to be compiled in. Three preconditions must be met for this vulnerability to be possible: 1. Log4cxx compiled with ODBC support(before version 1.1.0, this was auto-detected at compile time) 2. ODBCAppender enabled for logging messages to, generally done via a config file 3. User input is logged at some point. If your application does not have user input, it is unlikely to be affected. Users are recommended to upgrade to version 1.1.0 which properly binds the parameters to the SQL statement, or migrate to the new DBAppender class which supports an ODBC connection in addition to other databases. Note that this fix does require a configuration file update, as the old configuration files will not configure properly.  An example is shown below, and more information may be found in the Log4cxx documentation on the ODBCAppender. Example of old configuration snippet: <appender name="SqlODBCAppender" class="ODBCAppender">     <param name="sql" value="INSERT INTO logs (message) VALUES ('%m')" />     ... other params here ... </appender> The migrated configuration snippet with new ColumnMapping parameters: <appender name="SqlODBCAppender" class="ODBCAppender">     <param name="sql" value="INSERT INTO logs (message) VALUES (?)" />     <param name="ColumnMapping" value="message"/>     ... other params here ... </appender>
CVE-2023-31023 2 Microsoft, Nvidia 2 Windows, Virtual Gpu 2024-11-21 5.5 Medium
NVIDIA Display Driver for Windows contains a vulnerability where an attacker may cause a pointer dereference of an untrusted value, which may lead to denial of service.