Total
12999 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0487 | 1 Premio | 1 My Sticky Elements | 2024-08-02 | 7.2 High |
| The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin | ||||
| CVE-2023-0388 | 1 Random Text Project | 1 Random Text | 2024-08-02 | 8.8 High |
| The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers. | ||||
| CVE-2023-0304 | 1 Online Food Ordering System V2 Project | 1 Online Food Ordering System V2 | 2024-08-02 | 6.3 Medium |
| A vulnerability classified as critical has been found in SourceCodester Online Food Ordering System. This affects an unknown part of the file admin_class.php of the component Signup Module. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218385 was assigned to this vulnerability. | ||||
| CVE-2023-0305 | 1 Online Food Ordering System V2 Project | 1 Online Food Ordering System V2 | 2024-08-02 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Online Food Ordering System. This vulnerability affects unknown code of the file admin_class.php of the component Login Module. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-218386 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-0332 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2024-08-02 | 7.3 High |
| A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file admin/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218472. | ||||
| CVE-2023-0324 | 1 Online Tours \& Travels Management System Project | 1 Online Tours \& Travels Management System | 2024-08-02 | 7.3 High |
| A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/page-login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218426 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-0303 | 1 Online Food Ordering System V2 Project | 1 Online Food Ordering System V2 | 2024-08-02 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file view_prod.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218384. | ||||
| CVE-2023-0283 | 1 Online Flight Booking Management System Project | 1 Online Flight Booking Management System | 2024-08-02 | 6.3 Medium |
| A vulnerability classified as critical has been found in SourceCodester Online Flight Booking Management System. This affects an unknown part of the file review_search.php of the component POST Parameter Handler. The manipulation of the argument txtsearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218277 was assigned to this vulnerability. | ||||
| CVE-2023-0281 | 1 Online Flight Booking Management System Project | 1 Online Flight Booking Management System | 2024-08-02 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Flight Booking Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file judge_panel.php. The manipulation of the argument subevent_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218276. | ||||
| CVE-2023-0256 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2024-08-02 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /fos/admin/ajax.php?action=login of the component Login Page. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-218184. | ||||
| CVE-2023-0245 | 1 Online Flight Booking Management System Project | 1 Online Flight Booking Management System | 2024-08-02 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Online Flight Booking Management System. This issue affects some unknown processing of the file add_contestant.php. The manipulation of the argument add_contestant leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218153 was assigned to this vulnerability. | ||||
| CVE-2023-0243 | 1 Tuzicms Project | 1 Tuzicms | 2024-08-02 | 6.3 Medium |
| A vulnerability classified as critical has been found in TuziCMS 2.0.6. This affects the function index of the file App\Manage\Controller\ArticleController.class.php of the component Article Module. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-218151. | ||||
| CVE-2023-0244 | 1 Tuzicms Project | 1 Tuzicms | 2024-08-02 | 6.3 Medium |
| A vulnerability classified as critical was found in TuziCMS 2.0.6. This vulnerability affects the function delall of the file \App\Manage\Controller\KefuController.class.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218152. | ||||
| CVE-2023-0224 | 1 Givewp | 1 Givewp | 2024-08-02 | 9.8 Critical |
| The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks | ||||
| CVE-2023-0016 | 1 Sap | 1 Business Planning And Consolidation | 2024-08-02 | 9.9 Critical |
| SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database. | ||||
| CVE-2024-41944 | 2024-08-02 | 6.5 Medium | ||
| Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `report/data/proofofplayReport` API route inside the CMS. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the `sortBy` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. | ||||
| CVE-2024-41915 | 2024-08-02 | 7.2 High | ||
| A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster. | ||||
| CVE-2024-41550 | 1 Campcodes | 1 Supplier Management System | 2024-08-02 | 7.2 High |
| CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_invoice_items.php?id= . | ||||
| CVE-2024-41551 | 1 Campcodes | 1 Supplier Management System | 2024-08-02 | 7.3 High |
| CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= . | ||||
| CVE-2024-40560 | 1 Mini Tmall Project | 1 Tmall Demo | 2024-08-02 | 7.3 High |
| Tmall_demo before v2024.07.03 was discovered to contain a SQL injection vulnerability. | ||||