Total: 13005 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-5264 | 1 Huakecms | 1 Huakecms | 2024-09-20 | 6.3 Medium |
A vulnerability classified as critical was found in huakecms 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/cms_content.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240877 was assigned to this vulnerability. | ||||
CVE-2023-5266 | 1 Dedebiz | 1 Dedebiz | 2024-09-20 | 6.3 Medium |
A vulnerability, which was classified as critical, was found in DedeBIZ 6.2. This affects an unknown part of the file /src/admin/tags_main.php. The manipulation of the argument ids leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240879. | ||||
CVE-2023-5269 | 1 Mayuri K | 1 Best Courier Management System | 2024-09-20 | 5.5 Medium |
A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-240882 is the identifier assigned to this vulnerability. | ||||
CVE-2023-5298 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2024-09-20 | 5.5 Medium |
A vulnerability was found in Tongda OA 2017. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/hr/recruit/requirements/delete.php. The manipulation of the argument REQUIREMENTS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240938 is the identifier assigned to this vulnerability. | ||||
CVE-2023-39646 | 1 Themevolty | 1 Theme Volty Cms Category Chain Slider | 2024-09-20 | 9.8 Critical |
Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module “Theme Volty CMS Category Chain Slide” (tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | ||||
CVE-2023-39647 | 1 Themevolty | 1 Theme Volty Cms Category Product | 2024-09-20 | 9.8 Critical |
Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. In the module “Theme Volty CMS Category Product” (tvcmscategoryproduct) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | ||||
CVE-2023-39648 | 1 Themevolty | 1 Theme Volty Cms Testimonial | 2024-09-20 | 9.8 Critical |
Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. In the module “Theme Volty CMS Testimonial” (tvcmstestimonial) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | ||||
CVE-2023-39649 | 1 Themevolty | 1 Theme Volty Cms Category Slider | 2024-09-20 | 9.8 Critical |
Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. In the module “Theme Volty CMS Category Slider” (tvcmscategoryslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | ||||
CVE-2023-39651 | 1 Themevolty | 1 Theme Volty Cms Brandlist | 2024-09-20 | 9.8 Critical |
Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop. In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | ||||
CVE-2024-6795 | 2 Baxter, Hillrom | 2 Connex Health Portal, Connex Health Portal | 2024-09-20 | 10 Critical |
In Connex health portal released before 8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database. An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content and/or perform administrative operations including shutting down the database. | ||||
CVE-2023-4098 | 1 Qsige | 1 Qsige | 2024-09-20 | 8.8 High |
It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application. | ||||
CVE-2024-43969 | | | 2024-09-20 | 7.6 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection. This issue affects Spiffy Calendar: from n/a through 4.9.12. | ||||
CVE-2024-42404 | 1 Collne | 1 Welcart | 2024-09-20 | 8.8 High |
SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database. | ||||
CVE-2024-44542 | 1 Todesk | 1 Todesk | 2024-09-20 | 9.8 Critical |
SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter. | ||||
CVE-2024-46374 | 1 Best House Rental Management System | 1 Best House Rental Management System | 2024-09-20 | 9.8 Critical |
Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php. | ||||
CVE-2023-22378 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-09-20 | 8.8 High |
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability. | ||||
CVE-2023-29245 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-09-20 | 8.1 High |
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets. Malicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability. | ||||
CVE-2024-7717 | 1 Thimpress | 1 Wp Events Manager | 2024-09-20 | 8.8 High |
The WP Events Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 2.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
CVE-2024-8302 | 2 Dingfanzu, Geeeeeeeek | 2 Cms, Dingfanzu | 2024-09-19 | 6.3 Medium |
A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ajax/chpwd.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-43144 | 1 Stylemixthemes | 1 Cost Calculator Builder | 2024-09-19 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection. This issue affects Cost Calculator Builder: from n/a through 3.2.15. |