Total
13005 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43144 | 1 Projectworlds | 1 Asset Management System Project In Php | 2024-09-24 | 9.8 Critical |
| Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php. | ||||
| CVE-2023-43468 | 1 Online Job Portal Project | 1 Online Job Portal | 2024-09-24 | 9.8 Critical |
| SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the login.php component. | ||||
| CVE-2023-43469 | 1 Online Job Portal Project | 1 Online Job Portal | 2024-09-24 | 9.8 Critical |
| SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the ForPass.php component. | ||||
| CVE-2023-43470 | 1 Janobe | 1 Online Voting System | 2024-09-24 | 9.8 Critical |
| SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component. | ||||
| CVE-2023-43381 | 1 Tianchoy | 1 Blog | 2024-09-24 | 7.5 High |
| SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in the login.php | ||||
| CVE-2023-44044 | 1 Superstorefinder | 1 Super Store Finder | 2024-09-24 | 7.2 High |
| Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at /admin/stores.php. | ||||
| CVE-2023-42807 | 1 Frappe | 1 Frappe Lms | 2024-09-24 | 6.3 Medium |
| Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app. | ||||
| CVE-2023-43493 | 1 Collne | 1 Welcart E-commerce | 2024-09-24 | 4.9 Medium |
| SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information. | ||||
| CVE-2023-43610 | 1 Collne | 1 Welcart E-commerce | 2024-09-24 | 8.8 High |
| SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations. | ||||
| CVE-2023-34168 | 1 Esiteq | 1 Wp Report Post | 2024-09-24 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Raven WP Report Post allows SQL Injection.This issue affects WP Report Post: from n/a through 2.1.2. | ||||
| CVE-2023-43192 | 1 Jrecms | 1 Springbootcms | 2024-09-24 | 8.8 High |
| SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement. | ||||
| CVE-2023-43640 | 1 Speciesfilegroup | 1 Taxonworks | 2024-09-24 | 6.5 Medium |
| TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table). This issue may lead to information disclosure. Version 0.34.0 contains a fix for the issue. | ||||
| CVE-2023-44047 | 1 Toll Tax Management System Project | 1 Toll Tax Management System | 2024-09-24 | 7.2 High |
| Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Injection. | ||||
| CVE-2023-30415 | 1 Oretnom23 | 1 Packers And Movers Management System | 2024-09-24 | 9.8 Critical |
| Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php. | ||||
| CVE-2023-38870 | 1 Economizzer | 1 Economizzer | 2024-09-24 | 9.8 Critical |
| A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is vulnerable to SQL Injection. | ||||
| CVE-2022-25775 | 2 Acquia, Mautic | 2 Mautic, Mautic | 2024-09-23 | 6.6 Medium |
| Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems. | ||||
| CVE-2024-29174 | 1 Dell | 1 Data Domain Operating System | 2024-09-23 | 4.4 Medium |
| Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data. | ||||
| CVE-2023-41320 | 1 Glpi-project | 1 Glpi | 2024-09-23 | 8.1 High |
| GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be use to takeover an administrator account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-4737 | 1 Hedeftakip | 1 Admin Portal | 2024-09-23 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection.This issue affects Admin Panel: before 1.2. | ||||
| CVE-2023-35071 | 1 Mrv | 1 Logging Administration Panel | 2024-09-23 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection.This issue affects Logging Administration Panel: before 20230915 . | ||||