Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44267 | 1 Projectworlds | 1 Online Art Gallery | 2023-11-03 | N/A | 9.8 CRITICAL |
| Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-46584 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2023-11-03 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint. | |||||
| CVE-2020-29297 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-11-02 | N/A | 9.8 CRITICAL |
| Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0. | |||||
| CVE-2022-30011 | 1 Hospital Management System Project | 1 Hospital Management System | 2023-11-02 | 7.5 HIGH | 9.8 CRITICAL |
| In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability. | |||||
| CVE-2023-46347 | 1 Ndkdesign | 1 Ndk Steppingpack | 2023-11-01 | N/A | 9.8 CRITICAL |
| In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection. | |||||
| CVE-2023-46358 | 1 Snegurka | 1 Referralbyphone | 2023-11-01 | N/A | 9.8 CRITICAL |
| In the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. The method `ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate` has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection. | |||||
| CVE-2023-43507 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-11-01 | N/A | 8.8 HIGH |
| A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster. | |||||
| CVE-2023-45376 | 1 Hipresta | 1 Carousels Pack | 2023-10-31 | N/A | 9.8 CRITICAL |
| In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via `HiCpProductGetter::getViewedProduct()`. | |||||
| CVE-2022-41775 | 1 Deltaww | 1 Diaenergie | 2023-10-30 | N/A | 8.8 HIGH |
| SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via the network. | |||||
| CVE-2022-43447 | 1 Deltaww | 1 Diaenergie | 2023-10-30 | N/A | 8.8 HIGH |
| SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via the network. | |||||
| CVE-2022-43506 | 1 Deltaww | 1 Diaenergie | 2023-10-30 | N/A | 8.8 HIGH |
| SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via the network. | |||||
| CVE-2023-46435 | 1 Oretnom23 | 1 Packers And Movers Management System | 2023-10-30 | N/A | 9.8 CRITICAL |
| Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id. | |||||
| CVE-2023-37824 | 1 Sitolog | 1 Sitolog Application Connect | 2023-10-28 | N/A | 9.8 CRITICAL |
| Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php. | |||||
| CVE-2023-38190 | 1 Superwebmailer | 1 Superwebmailer | 2023-10-28 | N/A | 8.8 HIGH |
| An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter. | |||||
| CVE-2023-27262 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-27255 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26572 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-27254 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26584 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26583 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
