Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44044 | 1 Superstorefinder | 1 Super Store Finder | 2023-09-28 | N/A | 7.2 HIGH |
| Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at /admin/stores.php. | |||||
| CVE-2021-42369 | 1 Zucchetti | 1 Imagicle Uc Suite | 2023-09-28 | 6.5 MEDIUM | 8.8 HIGH |
| Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI. | |||||
| CVE-2023-43610 | 1 Collne | 1 Welcart E-commerce | 2023-09-27 | N/A | 8.8 HIGH |
| SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations. | |||||
| CVE-2023-43493 | 1 Collne | 1 Welcart E-commerce | 2023-09-27 | N/A | 4.9 MEDIUM |
| SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information. | |||||
| CVE-2023-40046 | 1 Progress | 1 Ws Ftp Server | 2023-09-27 | N/A | 7.2 HIGH |
| In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements. | |||||
| CVE-2023-39378 | 1 Siberiancms | 1 Siberiancms | 2023-09-27 | N/A | 8.8 HIGH |
| SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user | |||||
| CVE-2023-39640 | 1 Uplight | 1 Cookie Law | 2023-09-26 | N/A | 9.8 CRITICAL |
| UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList(). | |||||
| CVE-2023-43132 | 1 Szvone | 1 Vmqphp | 2023-09-26 | N/A | 6.5 MEDIUM |
| szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remote users can use SQL injection attacks to obtain the hash of the administrator password. | |||||
| CVE-2023-43640 | 1 Speciesfilegroup | 1 Taxonworks | 2023-09-25 | N/A | 6.5 MEDIUM |
| TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table). This issue may lead to information disclosure. Version 0.34.0 contains a fix for the issue. | |||||
| CVE-2023-33592 | 1 Oretnom23 | 1 Lost And Found Information System | 2023-09-25 | N/A | 9.8 CRITICAL |
| Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information. | |||||
| CVE-2021-37782 | 1 Phpgurukul | 1 Employee Record Management System | 2023-09-25 | N/A | 9.8 CRITICAL |
| Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php. | |||||
| CVE-2021-44966 | 1 Phpgurukul | 1 Employee Record Management System | 2023-09-25 | 10.0 HIGH | 9.8 CRITICAL |
| SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system. | |||||
| CVE-2020-35427 | 1 Phpgurukul | 1 Employee Record Management System | 2023-09-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | |||||
| CVE-2021-43451 | 1 Phpgurukul | 1 Employee Record Management System | 2023-09-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php. | |||||
| CVE-2023-43144 | 1 Projectworlds | 1 Asset Management System Project In Php | 2023-09-25 | N/A | 9.8 CRITICAL |
| Projectworlds Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php. | |||||
| CVE-2023-31719 | 1 Frangoteam | 1 Fuxa | 2023-09-25 | N/A | 9.8 CRITICAL |
| FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin. | |||||
| CVE-2023-31717 | 1 Frangoteam | 1 Fuxa | 2023-09-25 | N/A | 7.5 HIGH |
| A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database. | |||||
| CVE-2023-42807 | 1 Frappe | 1 Frappe Lms | 2023-09-25 | N/A | 9.8 CRITICAL |
| Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app. | |||||
| CVE-2023-43468 | 1 Online Job Portal Project | 1 Online Job Portal | 2023-09-25 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the login.php component. | |||||
| CVE-2023-43469 | 1 Online Job Portal Project | 1 Online Job Portal | 2023-09-25 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the ForPass.php component. | |||||
