Total
13000 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39344 | 1 Fobybus | 1 Social-media-skeleton | 2024-10-04 | 10 Critical |
| social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for this issue. | ||||
| CVE-2017-3549 | 1 Oracle | 1 Scripting | 2024-10-04 | N/A |
| Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Scripting accessible data as well as unauthorized access to critical data or complete access to all Oracle Scripting accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2024-9359 | 1 Code-projects | 1 Restaurant Reservation System | 2024-10-04 | 7.3 High |
| A vulnerability was found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /addcompany.php. The manipulation of the argument company leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9360 | 1 Code-projects | 1 Restaurant Reservation System | 2024-10-04 | 7.3 High |
| A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-39939 | 2 Luxcal, Luxsoft | 2 Web Calendar, Luxcal Web Calendar | 2024-10-04 | 9.1 Critical |
| SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it. | ||||
| CVE-2024-9130 | 1 Givewp | 1 Givewp | 2024-10-04 | 7.2 High |
| The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with GiveWP Manager-level access and above, to append additional SQL queries into already existing queries within the Legacy View mode, that can be used to extract sensitive information from the database. | ||||
| CVE-2024-8607 | 1 Oceanicsoft | 1 Valeapp | 2024-10-04 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection.This issue affects ValeApp: before v2.0.0. | ||||
| CVE-2024-23810 | 1 Siemens | 1 Sinec Nms | 2024-10-04 | 8.8 High |
| A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database. | ||||
| CVE-2023-37432 | 2 Arubanetworks, Hpe | 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator | 2024-10-04 | 6.5 Medium |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | ||||
| CVE-2023-37433 | 2 Arubanetworks, Hpe | 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator | 2024-10-04 | 6.5 Medium |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | ||||
| CVE-2023-37434 | 2 Arubanetworks, Hpe | 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator | 2024-10-04 | 6.5 Medium |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | ||||
| CVE-2023-37435 | 2 Arubanetworks, Hpe | 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator | 2024-10-04 | 6.5 Medium |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | ||||
| CVE-2023-37436 | 2 Arubanetworks, Hpe | 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator | 2024-10-04 | 6.5 Medium |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | ||||
| CVE-2024-46510 | 1 Esafenet | 1 Cdg | 2024-10-04 | 7.6 High |
| ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface | ||||
| CVE-2024-9194 | 2024-10-04 | 4.3 Medium | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3.0 before 2024.3.12766. | ||||
| CVE-2024-46626 | 1 Os4ed | 1 Opensis | 2024-10-04 | 8.8 High |
| OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload. | ||||
| CVE-2023-37258 | 1 Dataease | 1 Dataease | 2024-10-03 | 8.8 High |
| DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds. | ||||
| CVE-2024-0469 | 1 Code-projects | 1 Human Resource Integrated System | 2024-10-03 | 6.3 Medium |
| A vulnerability was found in code-projects Human Resource Integrated System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update_personal_info.php. The manipulation of the argument sex leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250574 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-7732 | 1 Secom | 1 Dr.id Attendance System | 2024-10-03 | 9.8 Critical |
| Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents. | ||||
| CVE-2024-29846 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | 8.0 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | ||||