Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36276 | 1 Tcman | 1 Gim | 2023-10-06 | N/A | 9.8 CRITICAL |
| TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database. | |||||
| CVE-2023-23492 | 1 Idehweb | 1 Login With Phone Number | 2023-10-06 | N/A | 8.8 HIGH |
| The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action. | |||||
| CVE-2023-4037 | 1 Setelsa-security | 1 Conacwin | 2023-10-05 | N/A | 5.5 MEDIUM |
| Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter. | |||||
| CVE-2023-3038 | 1 Helpdezk | 1 Helpdezk | 2023-10-05 | N/A | 7.5 HIGH |
| SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract all the information stored in the application. | |||||
| CVE-2023-39647 | 1 Themevolty | 1 Theme Volty Cms Category Product | 2023-10-05 | N/A | 9.8 CRITICAL |
| Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. In the module “Theme Volty CMS Category Product” (tvcmscategoryproduct) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | |||||
| CVE-2023-39649 | 1 Themevolty | 1 Theme Volty Cms Category Slider | 2023-10-05 | N/A | 9.8 CRITICAL |
| Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. In the module “Theme Volty CMS Category Slider” (tvcmscategoryslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | |||||
| CVE-2023-39646 | 1 Themevolty | 1 Theme Volty Cms Category Chain Slider | 2023-10-05 | N/A | 9.8 CRITICAL |
| Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module “Theme Volty CMS Category Chain Slide"(tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | |||||
| CVE-2023-39648 | 1 Themevolty | 1 Theme Volty Cms Testimonial | 2023-10-05 | N/A | 9.8 CRITICAL |
| Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. In the module “Theme Volty CMS Testimonial” (tvcmstestimonial) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | |||||
| CVE-2023-39645 | 1 Themevolty | 1 Cms Payment Icon | 2023-10-05 | N/A | 9.8 CRITICAL |
| Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop. In the module “Theme Volty CMS Payment Icon” (tvcmspaymenticon) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | |||||
| CVE-2023-4098 | 1 Qsige | 1 Qsige | 2023-10-04 | N/A | 8.8 HIGH |
| It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application. | |||||
| CVE-2023-5350 | 1 Salesagility | 1 Suitecrm | 2023-10-04 | N/A | 9.1 CRITICAL |
| SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1. | |||||
| CVE-2022-29006 | 1 Phpgurukul | 1 Directory Management System | 2023-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication. | |||||
| CVE-2022-31383 | 1 Phpgurukul | 1 Directory Management System | 2023-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php. | |||||
| CVE-2022-29007 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2023-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication. | |||||
| CVE-2023-41594 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2023-10-04 | N/A | 7.5 HIGH |
| Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters. | |||||
| CVE-2022-31384 | 1 Phpgurukul | 1 Directory Management System | 2023-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php. | |||||
| CVE-2022-29009 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2023-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication. | |||||
| CVE-2022-31382 | 1 Phpgurukul | 1 Directory Management System | 2023-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php. | |||||
| CVE-2023-43836 | 1 Jizhicms | 1 Jizhicms | 2023-10-04 | N/A | 6.5 MEDIUM |
| There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information | |||||
| CVE-2023-34581 | 1 Oretnom23 | 1 Service Provider Management System | 2023-10-03 | N/A | 9.8 CRITICAL |
| Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2 | |||||