Total
13005 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-18662 | 1 Sir | 1 Gnuboard | 2024-09-19 | 9.8 Critical |
| SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php. | ||||
| CVE-2024-8784 | 1 Qdocs | 1 Smart School | 2024-09-19 | 6.3 Medium |
| A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0. Affected by this vulnerability is an unknown functionality of the file /user/chat/mynewuser of the component Chat. The manipulation of the argument users[] with the input 1'+AND+(SELECT+3220+FROM+(SELECT(SLEEP(5)))ZNun)+AND+'WwBM'%3d'WwBM as part of POST Request Parameter leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.1 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-44430 | 2 Best Free Law Office Management Software, Mayurik | 2 Best Free Law Office Management Software, Best Free Law Office Management | 2024-09-19 | 9.8 Critical |
| SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface | ||||
| CVE-2024-34334 | 1 Ordat | 2 Foss-online, Ordat.erp | 2024-09-18 | 9.3 Critical |
| ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function. | ||||
| CVE-2024-8749 | 2 I-doit, Synetics | 2 I-doit, Idoit Pro | 2024-09-18 | 8.8 High |
| SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php and retrieve all the information stored in the database. | ||||
| CVE-2023-4309 | 1 Electionservicesco | 1 Internet Election Service | 2024-09-18 | 10 Critical |
| Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused elections and enabled web application firewall (WAF) protection for current and future elections on or around 2023-08-12. | ||||
| CVE-2023-5497 | 1 Tongda2000 | 1 Office Anywhere | 2024-09-18 | 6.3 Medium |
| A vulnerability classified as critical has been found in Tongda OA 2017 11.10. Affected is an unknown function of the file general/hr/salary/welfare_manage/delete.php. The manipulation of the argument WELFARE_ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-241650 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-27112 | 1 Soplanning | 1 Soplanning | 2024-09-18 | 9.8 Critical |
| A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02. | ||||
| CVE-2023-41262 | 1 Plixer | 1 Scrutinizer | 2024-09-18 | 9.8 Critical |
| An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application's backend database server. | ||||
| CVE-2023-44450 | 1 Netgear | 1 Prosafe Network Management System | 2024-09-18 | N/A |
| NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getNodesByTopologyMapSearch function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21858. | ||||
| CVE-2023-44449 | 1 Netgear | 1 Prosafe Network Management System | 2024-09-18 | N/A |
| NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the clearAlertByIds function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-21875. | ||||
| CVE-2023-38100 | 1 Netgear | 1 Prosafe Network Management System | 2024-09-18 | N/A |
| NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the clearAlertByIds function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-19724. | ||||
| CVE-2023-38099 | 1 Netgear | 1 Prosafe Network Management System | 2024-09-18 | N/A |
| NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getNodesByTopologyMapSearch function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19723. | ||||
| CVE-2024-8611 | 2 Angeljudesuarez, Itsourcecode | 2 Tailoring Management System, Tailoring Management System | 2024-09-18 | 6.3 Medium |
| A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file ssms.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-23737 | 1 Managewp | 1 Broken Link Checker | 2024-09-18 | 9.3 Critical |
| Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions. | ||||
| CVE-2023-23651 | 1 Mainwp | 1 Mainwp Google Analytics Extension | 2024-09-18 | 8.5 High |
| Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Google Analytics Extension plugin <= 4.0.4 versions. | ||||
| CVE-2023-44961 | 1 Koha-community | 1 Koha Library Software | 2024-09-18 | 7.5 High |
| SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component. | ||||
| CVE-2023-45162 | 1 1e | 1 Platform | 2024-09-17 | 9.9 Critical |
| Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23169 SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this | ||||
| CVE-2023-30154 | 1 Shoprunners | 1 Aftermail | 2024-09-17 | 9.8 Critical |
| Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php via the 'id_product' parameter in hooks DisplayRightColumnProduct and DisplayProductButtons. | ||||
| CVE-2024-6919 | 2 Nac, Nac Telecommunication Systems | 2 Nacpremium, Nacpremium | 2024-09-17 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection.This issue affects NACPremium: through 01082024. | ||||