Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49363 | 1 Rockoa | 1 Rockoa | 2023-12-18 | N/A | 9.8 CRITICAL |
| Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php. | |||||
| CVE-2022-24206 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter. | |||||
| CVE-2022-23902 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter. | |||||
| CVE-2023-45800 | 1 Hanbiro | 1 Groupware | 2023-12-15 | N/A | 7.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1. | |||||
| CVE-2023-41623 | 1 Emlog | 1 Emlog | 2023-12-14 | N/A | 7.2 HIGH |
| Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php. | |||||
| CVE-2023-50429 | 1 Izybat | 1 Orange Casiers | 2023-12-14 | N/A | 9.1 CRITICAL |
| IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensemble SQL injection. | |||||
| CVE-2023-49030 | 1 32ns | 1 Klive | 2023-12-13 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component. | |||||
| CVE-2023-36652 | 1 Prolion | 1 Cryptospike | 2023-12-13 | N/A | 4.3 MEDIUM |
| A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter. | |||||
| CVE-2023-6035 | 1 Spider-themes | 1 Eazydocs | 2023-12-13 | N/A | 8.8 HIGH |
| The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks. | |||||
| CVE-2023-43743 | 1 Zultys | 12 Mx-e, Mx-e Firmware, Mx-se and 9 more | 2023-12-13 | N/A | 8.8 HIGH |
| A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface. | |||||
| CVE-2023-5761 | 1 Burst-statistics | 1 Burst Statistics | 2023-12-12 | N/A | 7.5 HIGH |
| The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'url' parameter in versions 1.4.0 to 1.4.6.1 (free) and versions 1.4.0 to 1.5.0 (pro) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2023-5008 | 1 Imsurajghosh | 1 Student Information System | 2023-12-11 | N/A | 9.8 CRITICAL |
| Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. | |||||
| CVE-2023-46353 | 1 Mypresta | 1 Product Tag Icons Pro | 2023-12-09 | N/A | 9.8 CRITICAL |
| In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
| CVE-2023-48823 | 1 Mayurik | 1 Courier Management System | 2023-12-09 | N/A | 9.8 CRITICAL |
| A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login. | |||||
| CVE-2023-49429 | 1 Tenda | 2 Ax9, Ax9 Firmware | 2023-12-09 | N/A | 9.8 CRITICAL |
| Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules. | |||||
| CVE-2023-6063 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2023-12-08 | N/A | 7.5 HIGH |
| The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. | |||||
| CVE-2023-46575 | 1 Layer5 | 1 Meshery | 2023-12-08 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter | |||||
| CVE-2011-0448 | 1 Rubyonrails | 1 Rails | 2023-12-07 | 7.5 HIGH | N/A |
| Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument. | |||||
| CVE-2023-48863 | 1 Sem-cms | 1 Semcms | 2023-12-07 | N/A | 7.5 HIGH |
| SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some attack codes as commands or query statements to the interpreter. These malicious data can deceive the interpreter, so as to execute unplanned commands or unauthorized access to data. | |||||
| CVE-2023-5108 | 1 Alphabpo | 1 Easy Newsletter Signups | 2023-12-07 | N/A | 7.2 HIGH |
| The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | |||||