Total: 13005 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-4670 | 1 Innosa Probbys Project | 1 Innosa Probbys | 2024-09-25 | 9.8 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Innosa Probbys allows SQL Injection. This issue affects Probbys: before 2. | ||||
CVE-2023-4231 | 1 Cevik | 1 Informatics Online Payment System | 2024-09-25 | 9.8 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cevik Informatics Online Payment System allows SQL Injection. This issue affects Online Payment System: before 4.09. | ||||
CVE-2023-4835 | 1 Petroleum Management Software Application Project | 1 Petroleum Management Software Application | 2024-09-25 | 9.8 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection. This issue affects Oil Management Software: before 20230912. | ||||
CVE-2023-4833 | 1 Besttem Network Marketing Project | 1 Besttem Network Marketing | 2024-09-25 | 9.8 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection. This issue affects Network Marketing Software: before 1.0.2309.6. | ||||
CVE-2023-4661 | 1 Saphira | 1 Connect | 2024-09-25 | 9.8 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection. This issue affects Saphira Connect: before 9. | ||||
CVE-2023-4987 | 1 Infinitietech | 1 Taskhub | 2024-09-25 | 5.5 Medium |
A vulnerability, which was classified as critical, has been found in infinitietech taskhub 2.8.7. Affected by this issue is some unknown functionality of the file /home/get_tasks_list of the component GET Parameter Handler. The manipulation of the argument project/status/user_id/sort/search leads to sql injection. VDB-239798 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2014-10013 | 1 Strategy11 | 1 Awp Classifieds | 2024-09-25 | N/A |
SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action. | ||||
CVE-2022-3254 | 1 Strategy11 | 1 Awp Classifieds | 2024-09-25 | 9.8 Critical |
The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection. | ||||
CVE-2023-40931 | 1 Nagios | 1 Nagios Xi | 2024-09-25 | 6.5 Medium |
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php. | ||||
CVE-2023-41387 | 2 Apple, Patreon | 2 Iphone Os, Flutter Downloader | 2024-09-25 | 9.1 Critical |
A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and LSSupportsOpeningDocumentsInPlace properties. As a result, local users can obtain the same attack primitives as remote attackers by tampering with the internal database of the framework on the device. | ||||
CVE-2023-39675 | 1 Simpleimportproduct Project | 1 Simpleimportproduct | 2024-09-25 | 9.8 Critical |
SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php. | ||||
CVE-2023-4092 | 1 Fujitsu | 1 Arconte Aurea | 2024-09-25 | 8.8 High |
SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system. | ||||
CVE-2023-5029 | 1 Chshcms | 1 Mccms | 2024-09-25 | 5.5 Medium |
A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239871. | ||||
CVE-2024-8944 | 2 Code-projects, Fabianros | 2 Hospital Management System, Hospital Management System | 2024-09-25 | 7.3 High |
A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0. This affects an unknown part of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2023-5014 | 1 Food Ordering Website Project | 1 Food Ordering Website | 2024-09-25 | 6.3 Medium |
A vulnerability was found in Sakshi2610 Food Ordering Website 1.0 and classified as critical. This issue affects some unknown processing of the file categoryfood.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239855. | ||||
CVE-2024-6671 | 1 Progress | 2 Whatsup Gold, Whatsupgold | 2024-09-25 | 9.8 Critical |
In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the user's encrypted password. | ||||
CVE-2023-43377 | 1 Digitaldruid | 1 Hoteldruid | 2024-09-25 | 5.4 Medium |
A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter. | ||||
CVE-2023-43375 | 1 Digitaldruid | 1 Hoteldruid | 2024-09-25 | 9.8 Critical |
Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters. | ||||
CVE-2023-43374 | 1 Digitaldruid | 1 Hoteldruid | 2024-09-25 | 9.8 Critical |
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. | ||||
CVE-2023-43373 | 1 Digitaldruid | 1 Hoteldruid | 2024-09-25 | 9.8 Critical |
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php. |