Total
12999 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6312 | 1 Razormist | 1 Loan Management System | 2024-10-10 | 4.7 Medium |
| A vulnerability was found in SourceCodester Loan Management System 1.0. It has been classified as critical. Affected is the function delete_user of the file deleteUser.php of the component Users Page. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246138 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-6360 | 1 Joedolson | 1 My Calendar | 2024-10-10 | 8.6 High |
| The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route. | ||||
| CVE-2024-4890 | 1 Litellm | 1 Litellm | 2024-10-10 | 4.9 Medium |
| A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'user_id' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability by injecting malicious SQL commands through the 'user_id' parameter, leading to potential unauthorized access to sensitive information such as API keys, user information, and tokens stored in the database. The affected version is 1.27.14. | ||||
| CVE-2023-37687 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2024-10-10 | 7.2 High |
| Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal. | ||||
| CVE-2023-38773 | 1 Churchcrm | 1 Churchcrm | 2024-10-10 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php. | ||||
| CVE-2023-4165 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2024-10-10 | 5.5 Medium |
| A vulnerability, which was classified as critical, was found in Tongda OA. This affects an unknown part of the file general/system/seal_manage/iweboffice/delete_seal.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-236181 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-33993 | 1 Sap | 1 Business One | 2024-10-10 | 7.1 High |
| B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. On successful exploitation, the attacker can cause high impact on confidentiality, integrity and availability of the application. | ||||
| CVE-2023-39526 | 1 Prestashop | 1 Prestashop | 2024-10-10 | 9.1 Critical |
| PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds. | ||||
| CVE-2023-38771 | 1 Churchcrm | 1 Churchcrm | 2024-10-10 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php. | ||||
| CVE-2023-34545 | 1 Cskaza | 1 Cszcms | 2024-10-10 | 9.8 Critical |
| A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL. | ||||
| CVE-2023-38767 | 1 Churchcrm | 1 Churchcrm | 2024-10-10 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php. | ||||
| CVE-2023-38768 | 1 Churchcrm | 1 Churchcrm | 2024-10-10 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php. | ||||
| CVE-2023-38769 | 1 Churchcrm | 1 Churchcrm | 2024-10-10 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php. | ||||
| CVE-2022-48598 | 1 Sciencelogic | 1 Sl1 | 2024-10-10 | 8.8 High |
| A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | ||||
| CVE-2023-3898 | 1 Mayanets | 1 E-commerce | 2024-10-10 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 1.1. | ||||
| CVE-2023-3717 | 1 Farmakom | 1 Remote Administration Console | 2024-10-10 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection.This issue affects Remote Administration Console: before 1.02. | ||||
| CVE-2023-3716 | 1 Oduyo | 1 Online Collection | 2024-10-10 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Online Collection Software allows SQL Injection.This issue affects Online Collection Software: before 1.0.1. | ||||
| CVE-2023-37068 | 1 Sherlock | 1 Gym Management System | 2024-10-10 | 9.8 Critical |
| Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks. | ||||
| CVE-2024-9379 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2024-10-10 | 6.5 Medium |
| SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. | ||||
| CVE-2023-40254 | 1 Genians | 2 Genian Nac, Genian Ztna | 2024-10-10 | 7.5 High |
| Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. | ||||