Total: 13005 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-43917 | 1 Templateinvaders | 1 Ti Woocommerce Wishlist | 2024-09-19 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection. This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2. | ||||
CVE-2023-40920 | 1 Prixan | 1 Prixanconnect | 2024-09-19 | 9.8 Critical |
Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts(). | ||||
CVE-2024-39304 | 1 Churchcrm | 1 Churchcrm | 2024-09-19 | 8.8 High |
ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQL statements directly into the database query due to inadequate sanitization of the EID parameter in a GET request to `/GetText.php`. Version 5.9.2 patches the issue. | ||||
CVE-2023-4102 | 1 Qsige | 1 Qsige | 2024-09-19 | 8.8 High |
QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application. | ||||
CVE-2023-4103 | 1 Qsige | 1 Qsige | 2024-09-19 | 8.8 High |
QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application. | ||||
CVE-2023-5350 | 1 Salesagility | 1 Suitecrm | 2024-09-19 | 9.1 Critical |
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1. | ||||
CVE-2023-2681 | 1 Jorani | 1 Jorani | 2024-09-19 | 8.8 High |
An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the "id" parameter, managing to extract arbitrary information from the database. | ||||
CVE-2023-43983 | 1 Presto-changeo | 1 Attribute Grid | 2024-09-19 | 9.8 Critical |
Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php. | ||||
CVE-2023-4037 | 1 Setelsa-security | 1 Conacwin | 2024-09-19 | 9.9 Critical |
Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter. | ||||
CVE-2023-3038 | 1 Helpdezk | 1 Helpdezk | 2024-09-19 | 9.8 Critical |
SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract all the information stored in the application. | ||||
CVE-2023-44024 | 1 Knowband | 1 One Page Checkout, Social Login & Mailchimp | 2024-09-19 | 9.8 Critical |
SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component. | ||||
CVE-2023-4530 | 1 Turnatasarim | 1 Advertising Administration Panel | 2024-09-19 | 9.8 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection. This issue affects Advertising Administration Panel: before 1.1. | ||||
CVE-2024-8395 | 1 Flycass | 1 Flycass | 2024-09-19 | 9.8 Critical |
FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication. | ||||
CVE-2024-6268 | 1 Lahirudanushka | 1 School Management System | 2024-09-19 | 7.3 High |
A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. Affected by this issue is some unknown functionality of the file login.php of the component Login Page. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269480. | ||||
CVE-2024-6266 | 1 Pearadmin | 1 Pear Admin Boot | 2024-09-19 | 6.3 Medium |
A vulnerability classified as critical has been found in Pear Admin Boot up to 2.0.2. Affected is an unknown function of the file /system/dictData/loadDictItem. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-269478 is the identifier assigned to this vulnerability. | ||||
CVE-2023-43899 | 1 Hansuncms Project | 1 Hansuncms | 2024-09-19 | 9.8 Critical |
hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx. | ||||
CVE-2024-6204 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2024-09-19 | 8.3 High |
Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module. | ||||
CVE-2024-8335 | 2 Openrapid, Yuque | 2 Rapidcms, Rapidcms | 2024-09-19 | 6.3 Medium |
A vulnerability classified as critical has been found in OpenRapid RapidCMS up to 1.3.1. Affected is an unknown function of the file /resource/runlogon.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-5546 | 2 Manageengine, Zohocorp | 4 Pam360, Password Manager Pro, Manageengine Pam360 and 1 more | 2024-09-19 | 8.3 High |
Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option. | ||||
CVE-2023-5471 | 1 Farmacia Project | 1 Farmacia | 2024-09-19 | 6.3 Medium |
A vulnerability, which was classified as critical, was found in codeprojects Farmacia 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument usario/senha leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241608. |