Vulnerabilities (CVE)

Filtered by CWE-89
Total 11593 CVE
CVE | Vendors (count, name) | Products (count, name) | Updated | CVSS v2 | CVSS v3
CVE-2023-46006 1 Mayurik 1 Best Courier Management System 2023-10-25 N/A 9.8 CRITICAL
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php.
CVE-2023-46007 1 Mayurik 1 Best Courier Management System 2023-10-25 N/A 9.8 CRITICAL
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php.
CVE-2023-43794 1 Xgenecloud 1 Nocodb 2023-10-24 N/A 4.9 MEDIUM
Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL queries to be executed. Since this is a blind SQL injection, an attacker may need to use time-based payloads, which would include a function to delay execution for a given number of seconds. The response time indicates whether the result of the query execution was true or false: depending on the result, the HTTP response is returned after the given number of seconds (TRUE) or immediately (FALSE). In that way, an attacker can reveal the data present in the database. This vulnerability has been addressed in version 0.111.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-141`.
CVE-2023-45951 1 Lylme 1 Lylme Spage 2023-10-24 N/A 9.8 CRITICAL
lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php.
CVE-2023-45386 1 Mypresta 1 Product Extra Tabs Pro 2023-10-23 N/A 9.8 CRITICAL
In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabspro::searchmanufacturer()`.
CVE-2023-45375 1 01generator 1 Pireospay 2023-10-23 N/A 8.8 HIGH
In the module "PireosPay" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via `PireosPayValidationModuleFrontController::postProcess()`.
CVE-2023-5053 1 Projectworlds 1 Hospital Management System In Php 2023-10-20 N/A 9.8 CRITICAL
Hospital management system version 378c157 allows authentication bypass. This is possible because the application is vulnerable to SQL injection.
CVE-2023-45162 1 1e 1 Platform 2023-10-20 N/A 9.8 CRITICAL
Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue: for v8.1.2 apply hotfix Q23166; for v8.4.1 apply hotfix Q23164; for v9.0.1 apply hotfix Q23169. SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently; please contact 1E to arrange this.
CVE-2023-44694 1 Dlink 2 Dar-7000, Dar-7000 Firmware 2023-10-20 N/A 9.8 CRITICAL
D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /log/mailrecvview.php.
CVE-2023-44693 1 Dlink 2 Dar-7000, Dar-7000 Firmware 2023-10-20 N/A 9.8 CRITICAL
D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /importexport.php.
CVE-2023-34210 1 Easyuse 1 Mailhunter Ultimate 2023-10-20 N/A 8.8 HIGH
SQL Injection in the create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter.
CVE-2023-40852 1 User Registration & Login And User Management System With Admin Panel Project 1 User Registration & Login And User Management System With Admin Panel 2023-10-20 N/A 9.8 CRITICAL
SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via a crafted string in the admin user name field on the admin login page.
CVE-2023-43667 1 Apache 1 Inlong 2023-10-19 N/A 7.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache InLong. This issue affects Apache InLong from 1.4.0 through 1.8.0: the attacker can create misleading or false records, making it harder to audit and trace malicious activities. Users are advised to upgrade to Apache InLong 1.8.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8628
CVE-2023-5591 1 Librenms 1 Librenms 2023-10-19 N/A 6.5 MEDIUM
SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.
CVE-2023-45674 1 Farmbot 1 Farmbot Web App 2023-10-18 N/A 6.5 MEDIUM
Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information Disclosure. This issue has been patched in version 15.8.4. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2023-34976 1 Qnap 1 Video Station 2023-10-18 N/A 8.8 HIGH
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 (2023/07/27) and later.
CVE-2023-30154 1 Shoprunners 1 Aftermail 2023-10-18 N/A 9.8 CRITICAL
Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via the `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php`, and via the `id_product` parameter in the hooks DisplayRightColumnProduct and DisplayProductButtons.
CVE-2021-45252 1 Oretnom23 1 Simple Forum/discussion System 2023-10-18 7.5 HIGH 9.8 CRITICAL
Multiple SQL injection vulnerabilities are found in Simple Forum-Discussion System 1.0, for example in three scripts: manage_topic.php, manage_user.php, and ajax.php. An attacker can retrieve all information from the database of this system by using this vulnerability.
CVE-2021-44653 1 Oretnom23 1 Online Magazine Management System 2023-10-18 7.5 HIGH 9.8 CRITICAL
Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to a SQL injection vulnerability in the login form, allowing an attacker to gain access to the application as admin.
CVE-2023-24201 1 Oretnom23 1 Raffle Draw System 2023-10-18 N/A 9.8 CRITICAL
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php.