Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-5047 | 1 Drd | 1 Drdrive | 2023-11-30 | N/A | 9.8 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DRD Fleet Leasing DRDrive allows SQL Injection. This issue affects DRDrive: before 20231006. |
| CVE-2023-3631 | 1 Medart Notification Panel Project | 1 Medart Notification Panel | 2023-11-30 | N/A | 9.8 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection. This issue affects Medart Notification Panel: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2023-45336 | 1 Projectworlds | 1 Online Food Ordering System | 2023-11-30 | N/A | 9.8 CRITICAL | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-45340 | 1 Projectworlds | 1 Online Food Ordering System | 2023-11-30 | N/A | 9.8 CRITICAL | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-45341 | 1 Projectworlds | 1 Online Food Ordering System | 2023-11-30 | N/A | 9.8 CRITICAL | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-45342 | 1 Projectworlds | 1 Online Food Ordering System | 2023-11-30 | N/A | 9.8 CRITICAL | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-45343 | 1 Projectworlds | 1 Online Food Ordering System | 2023-11-30 | N/A | 9.8 CRITICAL | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticket_id' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database. |
| CVE-2023-3377 | 1 Veribase | 1 Veribase | 2023-11-30 | N/A | 9.8 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veribilim Software Computer Veribase allows SQL Injection. This issue affects Veribase: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2023-37924 | 1 Apache | 1 Submarine | 2023-11-30 | N/A | 9.8 CRITICAL | Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. The issue has been fixed, and a user must now have the correct login to access the workbench. This issue affects Apache Submarine: from 0.7.0 before 0.8.0. We recommend that all Submarine users on 0.7.0 upgrade to 0.8.0, which not only fixes the issue and supports the OIDC authentication mode, but also removes the possibility of unauthenticated logins. If you are using a version lower than 0.8.0 and do not want to upgrade, you can cherry-pick PRs https://github.com/apache/submarine/pull/1037 and https://github.com/apache/submarine/pull/1054 and rebuild the submarine-server image to fix this. |
| CVE-2023-5046 | 1 Biltay | 1 Procost | 2023-11-30 | N/A | 9.8 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Procost: before 1390. |
| CVE-2023-5045 | 1 Biltay | 1 Kayisi | 2023-11-30 | N/A | 9.8 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Kayisi: before 1286. |
| CVE-2023-45377 | 1 Chronopost | 1 Chronopost | 2023-11-30 | N/A | 9.8 CRITICAL | In the module "Chronopost Official" (chronopost) for PrestaShop, a guest can perform SQL injection. The PHP script `cancelSkybill.php` contains sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection. |
| CVE-2023-46357 | 1 Myprestamodules | 1 Cross Selling In Modal Cart | 2023-11-30 | N/A | 9.8 CRITICAL | In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection. |
| CVE-2023-2841 | 1 Zorem | 1 Advanced Local Pickup For Woocommerce | 2023-11-30 | N/A | 7.2 HIGH | The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in versions up to, and including, 1.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with admin-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
| CVE-2023-5465 | 1 Gopiplus | 1 Popup With Fancybox | 2023-11-28 | N/A | 8.8 HIGH | The Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
| CVE-2023-5466 | 1 Gopiplus | 1 Wp Anything Slider | 2023-11-28 | N/A | 8.8 HIGH | The Wp anything slider plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
| CVE-2023-5640 | 1 Dguzun | 1 Article Analytics | 2023-11-27 | N/A | 9.8 CRITICAL | The Article Analytics WordPress plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability. |
| CVE-2023-5652 | 1 Thimpress | 1 Wp Hotel Booking | 2023-11-27 | N/A | 9.8 CRITICAL | The WP Hotel Booking WordPress plugin before 2.0.8 lacks authorisation and CSRF checks and does not escape user input before using it in a SQL statement in a function hooked to admin_init, allowing unauthenticated users to perform SQL injection. |
| CVE-2023-46700 | 1 Luxsoft | 1 Luxcal Web Calendar | 2023-11-25 | N/A | 9.8 CRITICAL | SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information stored in the database. |
| CVE-2023-48078 | 1 Code-projects | 1 Simple Crud Functionality | 2023-11-25 | N/A | 9.8 CRITICAL | SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter. |
