Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26582 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26581 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26569 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26568 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-27260 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2022-43452 | 1 Deltaww | 1 Diaenergie | 2023-10-27 | N/A | 8.8 HIGH |
| SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
| CVE-2023-45826 | 1 Leantime | 1 Leantime | 2023-10-27 | N/A | 6.5 MEDIUM |
| Leantime is an open source project management system. A 'userId' variable in `app/domain/files/repositories/class.files.php` is not parameterized. An authenticated attacker can send a carefully crafted POST request to `/api/jsonrpc` to exploit an SQL injection vulnerability. Confidentiality is impacted as it allows for dumping information from the database. This issue has been addressed in version 2.4-beta-4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-43192 | 1 Jrecms | 1 Springbootcms | 2023-10-26 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in a newly created part of the SpringbootCMS 1.0 backend, where the parameters submitted by users are not filtered. As a result, special characters in parameters break the original logic of the SQL statements. Attackers can use this vulnerability to execute arbitrary SQL statements. | |||||
| CVE-2023-29842 | 1 Churchcrm | 1 Churchcrm | 2023-10-26 | N/A | 8.8 HIGH |
| ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter. | |||||
| CVE-2023-40254 | 1 Genians | 2 Genian Nac, Genian Ztna | 2023-10-26 | N/A | 9.8 CRITICAL |
| Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. | |||||
| CVE-2023-45381 | 1 Webshopworks | 1 Creativepopup | 2023-10-25 | N/A | 9.8 CRITICAL |
| In the module "Creative Popup" (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection via `cp_download_popup().` | |||||
| CVE-2023-43986 | 1 Dmconcept | 1 Configurator | 2023-10-25 | N/A | 9.8 CRITICAL |
| DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken. | |||||
| CVE-2022-3059 | 1 Schoolbox | 1 Schoolbox | 2023-10-25 | N/A | 7.5 HIGH |
| The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter, and using a sleep-based inferential SQL injection it was possible to extract data from the database. | |||||
| CVE-2022-39180 | 1 College Management System Project | 1 College Management System | 2023-10-25 | N/A | 9.8 CRITICAL |
| College Management System v1.0 - SQL Injection (SQLi) by inserting SQL commands into the username and password fields on the login.php page. | |||||
| CVE-2022-39179 | 1 College Management System Project | 1 College Management System | 2023-10-25 | N/A | 7.2 HIGH |
| College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using the SQL Injection mentioned in my other report) can upload a .php file that contains malicious code via the student.php file. | |||||
| CVE-2022-36787 | 1 Webvendome Project | 1 Webvendome | 2023-10-25 | N/A | 9.8 CRITICAL |
| webvendome - webvendome SQL Injection. SQL Injection in the Parameter " DocNumber" Request : Get Request : /webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE. | |||||
| CVE-2023-45379 | 1 Posthemes | 1 Posrotatorimg | 2023-10-25 | N/A | 9.8 CRITICAL |
| In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection. | |||||
| CVE-2023-2681 | 1 Jorani | 1 Jorani | 2023-10-25 | N/A | 8.8 HIGH |
| An SQL Injection vulnerability has been found in Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the "id" parameter, managing to extract arbitrary information from the database. | |||||
| CVE-2022-34132 | 1 Jorani | 1 Jorani | 2023-10-25 | 7.5 HIGH | 9.8 CRITICAL |
| Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. | |||||
| CVE-2023-46005 | 1 Mayurik | 1 Best Courier Management System | 2023-10-25 | N/A | 9.8 CRITICAL |
| Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php. | |||||