Total: 13005 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-43371 | 1 Digitaldruid | 1 Hoteldruid | 2024-09-25 | 9.8 Critical |
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php. | ||||
CVE-2023-43274 | 1 Phpjabbers | 1 Php Shopping Cart | 2024-09-25 | 7.5 High |
Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter. | ||||
CVE-2023-39640 | 1 Uplight | 1 Cookie Law | 2024-09-25 | 9.8 Critical |
UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList(). | ||||
CVE-2023-40934 | 1 Nagios | 1 Nagios Xi | 2024-09-24 | 7.2 High |
A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings. | ||||
CVE-2023-40933 | 1 Nagios | 1 Nagios Xi | 2024-09-24 | 8.8 High |
A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function. | ||||
CVE-2023-34575 | 1 Op'art Save Cart Project | 1 Op'art Save Cart | 2024-09-24 | 9.8 Critical |
SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods. | ||||
CVE-2023-5152 | 1 Dlink | 3 Dar-7000 Firmware, Dar-8000, Dar-8000 Firmware | 2024-09-24 | 6.3 Medium |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation of the argument sql leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240248. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | ||||
CVE-2024-44004 | 1 Wptaskforce | 2 Track & Trace, Wpcargo Track & Trace | 2024-09-24 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection. This issue affects WPCargo Track & Trace: from n/a through 7.0.6. | ||||
CVE-2023-5151 | 1 Dlink | 2 Dar-8000, Dar-8000 Firmware | 2024-09-24 | 6.3 Medium |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-8000 up to 20151231. Affected by this vulnerability is an unknown functionality of the file /autheditpwd.php. The manipulation of the argument hid_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240247. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | ||||
CVE-2023-31717 | 1 Frangoteam | 1 Fuxa | 2024-09-24 | 7.5 High |
A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database. | ||||
CVE-2023-31719 | 1 Frangoteam | 1 Fuxa | 2024-09-24 | 9.8 Critical |
FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin. | ||||
CVE-2023-34576 | 1 Opartfaq Project | 1 Opartfaq | 2024-09-24 | 9.8 Critical |
SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspecified vector. | ||||
CVE-2023-34577 | 1 Planned Popup Project | 1 Planned Popup | 2024-09-24 | 9.8 Critical |
SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method. | ||||
CVE-2023-4292 | 1 Frauscher | 1 Frauscher Diagnostic System 101 | 2024-09-24 | 5.3 Medium |
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information. | ||||
CVE-2023-39378 | 1 Siberiancms | 1 Siberiancms | 2024-09-24 | 8.8 High |
SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user | ||||
CVE-2024-8146 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2024-09-24 | 6.3 Medium |
A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-43978 | 1 Superstorefinder | 1 Super Store Finder | 2024-09-24 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a before 6.9.8. | ||||
CVE-2024-43976 | 1 Superstorefinder | 1 Super Store Finder | 2024-09-24 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a through 6.9.7. | ||||
CVE-2023-40989 | 1 Jeecg | 1 Jeecg Boot | 2024-09-24 | 9.8 Critical |
SQL injection vulnerability in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component. | ||||
CVE-2023-43132 | 1 Szvone | 1 Vmqphp | 2024-09-24 | 6.5 Medium |
szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remote users can use sql injection attacks to obtain the hash of the administrator password. |