Total
13005 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8945 | 2 Codecanyon, Fairsketch | 2 Rise Ultimate Project Manager, Rise Ultimate Project Manager | 2024-09-25 | 5.5 Medium |
| A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | ||||
| CVE-2023-42178 | 1 Lenosp | 1 Lenosp | 2024-09-25 | 6.5 Medium |
| Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module. | ||||
| CVE-2023-41887 | 1 Openrefine | 1 Openrefine | 2024-09-25 | 9.8 Critical |
| OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue. | ||||
| CVE-2023-41886 | 1 Openrefine | 1 Openrefine | 2024-09-25 | 7.5 High |
| OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue. | ||||
| CVE-2023-42405 | 1 Fit2cloud | 1 Rackshift | 2024-09-25 | 9.8 Critical |
| SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary code via the `sort` parameter to taskService.list(), bareMetalService.list(), and switchService.list(). | ||||
| CVE-2021-26837 | 1 Fortra | 1 Delivernow | 2024-09-25 | 9.8 Critical |
| SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information. | ||||
| CVE-2023-42359 | 1 Exam Form Submission In Php With Source Code Project | 1 Exam Form Submission In Php With Source Code | 2024-09-25 | 9.8 Critical |
| SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php. | ||||
| CVE-2024-9011 | 1 Code-projects | 1 Crud Operation System | 2024-09-25 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in code-projects Crud Operation System 1.0. Affected is an unknown function of the file updata.php. The manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9009 | 2 Code-projects, Fabianros | 2 Online Quiz Site, Online Quiz Site | 2024-09-25 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in code-projects Online Quiz Site 1.0. This issue affects some unknown processing of the file showtest.php. The manipulation of the argument subid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-41443 | 1 Xxyopen | 1 Novel-plus | 2024-09-25 | 7.2 High |
| SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sys/menu/list. | ||||
| CVE-2023-4928 | 1 Instantcms | 1 Icms2 | 2024-09-25 | 7.2 High |
| SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1. | ||||
| CVE-2024-46382 | 2 Linlinjava, Litemall Project | 2 Litemall, Litemall | 2024-09-25 | 6.5 Medium |
| A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminGoodscontroller.java. | ||||
| CVE-2007-2534 | 1 Phphoo3 | 1 Phphoo3 | 2024-09-25 | 9.8 Critical |
| Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are initialized before use | ||||
| CVE-2023-39645 | 1 Themevolty | 1 Cms Payment Icon | 2024-09-25 | 9.8 Critical |
| Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop. In the module “Theme Volty CMS Payment Icon” (tvcmspaymenticon) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | ||||
| CVE-2023-5031 | 1 Openrapid | 1 Rapidcms | 2024-09-25 | 6.3 Medium |
| A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/article/article-add.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239875. | ||||
| CVE-2023-35851 | 1 Sun.net | 1 Wmpro | 2024-09-25 | 7.5 High |
| SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database. | ||||
| CVE-2023-4673 | 1 Sanalogi | 1 Turasistan | 2024-09-25 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection.This issue affects Turasistan: before 20230911 . | ||||
| CVE-2023-4830 | 1 Turaconsulting | 1 Signalix | 2024-09-25 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tura Signalix allows SQL Injection.This issue affects Signalix: 7T_0228. | ||||
| CVE-2023-4831 | 1 Weather | 1 Ncode Ncep | 2024-09-25 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncode Ncep allows SQL Injection.This issue affects Ncep: before 20230914 . | ||||
| CVE-2023-4670 | 1 Innosa Probbys Project | 1 Innosa Probbys | 2024-09-25 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Innosa Probbys allows SQL Injection.This issue affects Probbys: before 2. | ||||