Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24200 | 1 Oretnom23 | 1 Raffle Draw System | 2023-10-18 | N/A | 9.8 CRITICAL |
| Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php. | |||||
| CVE-2023-24199 | 1 Oretnom23 | 1 Raffle Draw System | 2023-10-18 | N/A | 9.8 CRITICAL |
| Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php. | |||||
| CVE-2023-24198 | 1 Oretnom23 | 1 Raffle Draw System | 2023-10-18 | N/A | 9.8 CRITICAL |
| Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters. | |||||
| CVE-2023-23737 | 1 Managewp | 1 Broken Link Checker | 2023-10-17 | N/A | 9.8 CRITICAL |
| Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions. | |||||
| CVE-2023-44961 | 1 Koha-community | 1 Koha Library Software | 2023-10-16 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component. | |||||
| CVE-2023-41262 | 1 Plixer | 1 Scrutinizer | 2023-10-16 | N/A | 9.8 CRITICAL |
| An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application's backend database server. | |||||
| CVE-2023-30058 | 1 Xxyopen | 1 Novel-plus | 2023-10-15 | N/A | 9.8 CRITICAL |
| novel-plus 3.6.2 is vulnerable to SQL Injection. | |||||
| CVE-2023-23651 | 1 Mainwp | 1 Mainwp Google Analytics Extension | 2023-10-14 | N/A | 8.8 HIGH |
| Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Google Analytics Extension plugin <= 4.0.4 versions. | |||||
| CVE-2023-38250 | 1 Adobe | 2 Commerce, Magento | 2023-10-14 | N/A | 6.6 MEDIUM |
| Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. | |||||
| CVE-2023-38249 | 1 Adobe | 2 Commerce, Magento | 2023-10-14 | N/A | 6.6 MEDIUM |
| Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. | |||||
| CVE-2023-38221 | 1 Adobe | 2 Commerce, Magento | 2023-10-14 | N/A | 6.6 MEDIUM |
| Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. | |||||
| CVE-2023-43899 | 1 Hansuncms Project | 1 Hansuncms | 2023-10-11 | N/A | 9.8 CRITICAL |
| hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx. | |||||
| CVE-2023-40920 | 1 Prixan | 1 Prixanconnect | 2023-10-11 | N/A | 9.8 CRITICAL |
| Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts(). | |||||
| CVE-2023-4530 | 1 Turnatasarim | 1 Advertising Administration Panel | 2023-10-11 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection. This issue affects Advertising Administration Panel: before 1.1. | |||||
| CVE-2023-4103 | 1 Qsige | 1 Qsige | 2023-10-10 | N/A | 8.8 HIGH |
| QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application. | |||||
| CVE-2023-4102 | 1 Qsige | 1 Qsige | 2023-10-10 | N/A | 8.8 HIGH |
| QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application. | |||||
| CVE-2023-39651 | 1 Themevolty | 1 Theme Volty Cms Brandlist | 2023-10-07 | N/A | 9.8 CRITICAL |
| Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop. In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | |||||
| CVE-2023-43983 | 1 Presto-changeo | 1 Attribute Grid | 2023-10-07 | N/A | 9.8 CRITICAL |
| Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php. | |||||
| CVE-2023-44024 | 1 Knowband | 1 One Page Checkout, Social Login & Mailchimp | 2023-10-07 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component. | |||||
| CVE-2023-43980 | 1 Presto-changeo | 1 Testsitecreator | 2023-10-06 | N/A | 9.8 CRITICAL |
| Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php. | |||||
