Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38870 | 1 Economizzer | 1 Economizzer | 2023-10-03 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is vulnerable to SQL Injection. | |||||
| CVE-2023-43909 | 1 Hospital Management System Project | 1 Hospital Management System | 2023-10-02 | N/A | 9.1 CRITICAL |
| Hospital Management System through commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php. | |||||
| CVE-2023-4737 | 1 Hedeftakip | 1 Admin Portal | 2023-10-02 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: before 1.2. | |||||
| CVE-2023-5004 | 1 Projectworlds | 1 Hospital Management System In Php | 2023-10-02 | N/A | 9.8 CRITICAL |
| Hospital management system version 378c157 allows authentication to be bypassed. This is possible because the application is vulnerable to SQLI. | |||||
| CVE-2023-29095 | 1 Carrcommunications | 1 Rsvpmaker | 2023-09-30 | N/A | 7.2 HIGH |
| Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions. | |||||
| CVE-2018-21004 | 1 Carrcommunications | 1 Rsvpmaker | 2023-09-30 | 7.5 HIGH | 9.8 CRITICAL |
| The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. | |||||
| CVE-2019-15646 | 1 Carrcommunications | 1 Rsvpmaker | 2023-09-30 | 7.5 HIGH | 9.8 CRITICAL |
| The rsvpmaker plugin before 6.2 for WordPress has SQL injection. | |||||
| CVE-2023-44166 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2023-09-30 | N/A | 9.8 CRITICAL |
| The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-44164 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2023-09-30 | N/A | 9.8 CRITICAL |
| The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-44163 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2023-09-30 | N/A | 9.8 CRITICAL |
| The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-43739 | 1 Online Book Store Project Project | 1 Online Book Store Project | 2023-09-30 | N/A | 9.8 CRITICAL |
| The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-43013 | 1 Projectworlds | 1 Asset Management System | 2023-09-29 | N/A | 9.8 CRITICAL |
| Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of the index.php page, allowing an external attacker to dump all the contents of the database and bypass the login control. | |||||
| CVE-2023-43014 | 1 Projectworlds | 1 Asset Management System | 2023-09-29 | N/A | 8.8 HIGH |
| Asset Management System v1.0 is vulnerable to an authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of the user.php page, allowing an authenticated attacker to dump all the contents of the database. | |||||
| CVE-2023-41320 | 1 Glpi-project | 1 Glpi | 2023-09-29 | N/A | 9.8 CRITICAL |
| GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be used to take over an administrator account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-30415 | 1 Oretnom23 | 1 Packers And Movers Management System | 2023-09-29 | N/A | 9.8 CRITICAL |
| Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php. | |||||
| CVE-2023-44047 | 1 Toll Tax Management System Project | 1 Toll Tax Management System | 2023-09-29 | N/A | 7.2 HIGH |
| Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Injection. | |||||
| CVE-2023-43381 | 1 Tianchoy | 1 Blog | 2023-09-29 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in login.php. | |||||
| CVE-2023-42461 | 1 Glpi-project | 1 Glpi | 2023-09-29 | N/A | 9.8 CRITICAL |
| GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-35071 | 1 Mrv | 1 Logging Administration Panel | 2023-09-28 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection. This issue affects Logging Administration Panel: before 20230915. | |||||
| CVE-2021-42169 | 1 Simple Payroll System With Dynamic Tax Bracket Project | 1 Simple Payroll System With Dynamic Tax Bracket | 2023-09-28 | 7.5 HIGH | 9.8 CRITICAL |
| The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23) is vulnerable to a remote SQL injection authentication bypass for the admin account. The username parameter from the login form is not protected correctly, and malicious payloads are not escaped. | |||||
