Total: 13005 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2024-5225 | 1 Litellm | 1 Litellm | 2024-09-23 | 7.2 High | An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidated `api_key` parameter directly into the query, making it susceptible to SQL Injection if the `api_key` contains malicious data. This issue affects the latest version of the repository. Successful exploitation of this vulnerability could lead to unauthorized access, data manipulation, exposure of confidential information, and denial of service (DoS).
CVE-2023-42461 | 1 Glpi-project | 1 Glpi | 2024-09-23 | 6.5 Medium | GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.
CVE-2023-43013 | 1 Projectworlds | 1 Asset Management System | 2024-09-23 | 9.8 Critical | Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of the index.php page, allowing an external attacker to dump all the contents of the database and bypass the login control.
CVE-2023-43014 | 1 Projectworlds | 1 Asset Management System | 2024-09-23 | 8.8 High | Asset Management System v1.0 is vulnerable to an authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of the user.php page, allowing an authenticated attacker to dump all the contents of the database.
CVE-2023-43739 | 1 Online Book Store Project Project | 1 Online Book Store Project | 2024-09-23 | 9.8 Critical | The 'bookisbn' parameter of the cart.php resource does not validate the characters received, and they are sent unfiltered to the database.
CVE-2023-44163 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-09-23 | 9.8 Critical | The 'search' parameter of the process_search.php resource does not validate the characters received, and they are sent unfiltered to the database.
CVE-2023-44164 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-09-23 | 9.8 Critical | The 'Email' parameter of the process_login.php resource does not validate the characters received, and they are sent unfiltered to the database.
CVE-2023-44166 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-09-23 | 9.8 Critical | The 'age' parameter of the process_registration.php resource does not validate the characters received, and they are sent unfiltered to the database.
CVE-2023-5004 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-09-23 | 9.8 Critical | Hospital Management System version 378c157 allows authentication bypass. This is possible because the application is vulnerable to SQL injection.
CVE-2023-5053 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-09-23 | 9.8 Critical | Hospital Management System version 378c157 allows authentication bypass. This is possible because the application is vulnerable to SQL injection.
CVE-2023-43909 | 2 Hospital Management System, Hospital Management System Project | 2 Hospital Management System, Hospital Management System | 2024-09-23 | 9.1 Critical | Hospital Management System through commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.
CVE-2023-5276 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-09-23 | 6.3 Medium | A vulnerability classified as critical was found in SourceCodester Engineers Online Portal 1.0. This vulnerability affects unknown code of the file downloadable_student.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-240904.
CVE-2023-43836 | 1 Jizhicms | 1 Jizhicms | 2024-09-23 | 6.5 Medium | There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information.
CVE-2023-43980 | 1 Presto-changeo | 1 Testsitecreator | 2024-09-23 | 9.8 Critical | Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php.
CVE-2023-40046 | 1 Progress | 1 Ws Ftp Server | 2024-09-23 | 8.2 High | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.
CVE-2024-5057 | 2 Easydigitaldownloads, Sandhillsdev | 2 Easy Digital Downloads, Easy Digital Downloads | 2024-09-20 | 9.3 Critical | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection. This issue affects Easy Digital Downloads: from n/a through 3.2.12.
CVE-2023-5279 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-09-20 | 6.3 Medium | A vulnerability has been found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file my_classmates.php. The manipulation of the argument teacher_class_student_id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240907.
CVE-2023-5281 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-09-20 | 6.3 Medium | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as critical. This affects an unknown part of the file remove_inbox_message.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240909 was assigned to this vulnerability.
CVE-2024-6401 | 2 Sfs, Sfs Consulting | 2 Insuree Gl, Insuree Gl | 2024-09-20 | 9.8 Critical | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection. This issue affects InsureE GL: before 4.6.2.
CVE-2024-9008 | 2 Best Online News Portal Project, Sourcecodester | 2 Best Online News Portal, Best Online News Portal | 2024-09-20 | 6.3 Medium | A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affects unknown code of the file /news-details.php of the component Comment Section. The manipulation of the argument name leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.