Total: 13011 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-24241 | 1 Forget Heart Message Box Project | 1 Forget Heart Message Box | 2024-08-02 | 9.8 Critical |
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php. | ||||
CVE-2023-24219 | 1 Luckyframe | 1 Luckyframeweb | 2024-08-02 | 9.8 Critical |
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml. | ||||
CVE-2023-24220 | 1 Luckyframe | 1 Luckyframeweb | 2024-08-02 | 9.8 Critical |
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml. | ||||
CVE-2023-24163 | 1 Hutool | 1 Hutool | 2024-08-02 | 9.8 Critical |
SQL Injection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine. | ||||
CVE-2023-24199 | 1 Oretnom23 | 1 Raffle Draw System | 2024-08-02 | 9.8 Critical |
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php. | ||||
CVE-2023-24221 | 1 Luckyframe | 1 Luckyframeweb | 2024-08-02 | 9.8 Critical |
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml. | ||||
CVE-2023-24200 | 1 Oretnom23 | 1 Raffle Draw System | 2024-08-02 | 9.8 Critical |
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php. | ||||
CVE-2023-24201 | 1 Oretnom23 | 1 Raffle Draw System | 2024-08-02 | 9.8 Critical |
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php. | ||||
CVE-2023-24198 | 1 Oretnom23 | 1 Raffle Draw System | 2024-08-02 | 9.8 Critical |
Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters. | ||||
CVE-2023-24206 | 1 Davinci Project | 1 Davinci | 2024-08-02 | 9.8 Critical |
Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function. | ||||
CVE-2023-24084 | 1 Chikoi Project | 1 Chikoi | 2024-08-02 | 9.8 Critical |
ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function. | ||||
CVE-2023-23948 | 1 Owncloud | 1 Owncloud | 2024-08-02 | 6.2 Medium |
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0. | ||||
CVE-2023-23775 | | | 2024-08-02 | 5.9 Medium |
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiSOAR 7.2.0 and before 7.0.3 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters. | ||||
CVE-2023-23824 | 1 Wp Topbar Project | 1 Wp Topbar | 2024-08-02 | 6.7 Medium |
Auth. SQL Injection (SQLi) vulnerability in WP-TopBar <= 5.36 versions. | ||||
CVE-2023-23634 | 1 Documize | 1 Documize | 2024-08-02 | 9.8 Critical |
SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint. | ||||
CVE-2023-23488 | 1 Strangerstudios | 1 Paid Memberships Pro | 2024-08-02 | 9.8 Critical |
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route. | ||||
CVE-2023-23492 | 1 Idehweb | 1 Login With Phone Number | 2024-08-02 | 8.8 High |
The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action. | ||||
CVE-2023-23489 | 1 Sandhillsdev | 1 Easy Digital Downloads | 2024-08-02 | 9.8 Critical |
The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action. | ||||
CVE-2023-23490 | 1 Ays-pro | 1 Survey Maker | 2024-08-02 | 8.8 High |
The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action. | ||||
CVE-2023-23470 | 1 Ibm | 1 I | 2024-08-02 | 6.4 Medium |
IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510. |