Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43470 | 1 Janobe | 1 Online Voting System | 2023-09-25 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component. | |||||
| CVE-2023-40989 | 1 Jeecg | 1 Jeecg Boot | 2023-09-25 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component. | |||||
| CVE-2023-34577 | 1 Planned Popup Project | 1 Planned Popup | 2023-09-23 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method. | |||||
| CVE-2023-34576 | 1 Opartfaq Project | 1 Opartfaq | 2023-09-23 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via an unspecified vector. | |||||
| CVE-2023-34575 | 1 Op'art Save Cart Project | 1 Op'art Save Cart | 2023-09-22 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods. | |||||
| CVE-2023-39675 | 1 Simpleimportproduct Project | 1 Simpleimportproduct | 2023-09-22 | N/A | 9.8 CRITICAL |
| SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php. | |||||
| CVE-2023-40043 | 1 Progress | 1 Moveit Transfer | 2023-09-22 | N/A | 7.2 HIGH |
| In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer web interface that could allow a MOVEit system administrator account to gain unauthorized access to the MOVEit Transfer database. A MOVEit system administrator could submit a crafted payload to the MOVEit Transfer web interface which could result in modification and disclosure of MOVEit database content. | |||||
| CVE-2023-42660 | 1 Progress | 1 Moveit Transfer | 2023-09-22 | N/A | 8.8 HIGH |
| In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content. | |||||
| CVE-2023-41387 | 2 Apple, Patreon | 2 Iphone Os, Flutter Downloader | 2023-09-22 | N/A | 9.1 CRITICAL |
| A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and LSSupportsOpeningDocumentsInPlace properties. As a result, local users can obtain the same attack primitives as remote attackers by tampering with the internal database of the framework on the device. | |||||
| CVE-2023-4292 | 1 Frauscher | 1 Frauscher Diagnostic System 101 | 2023-09-22 | N/A | 5.3 MEDIUM |
| Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information. | |||||
| CVE-2023-43274 | 1 Phpjabbers | 1 Php Shopping Cart | 2023-09-22 | N/A | 7.5 HIGH |
| Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter. | |||||
| CVE-2023-40934 | 1 Nagios | 1 Nagios Xi | 2023-09-22 | N/A | 7.2 HIGH |
| A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings. | |||||
| CVE-2023-40931 | 1 Nagios | 1 Nagios Xi | 2023-09-22 | N/A | 6.5 MEDIUM |
| A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php | |||||
| CVE-2023-40933 | 1 Nagios | 1 Nagios Xi | 2023-09-22 | N/A | 8.8 HIGH |
| A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function. | |||||
| CVE-2023-43374 | 1 Digitaldruid | 1 Hoteldruid | 2023-09-21 | N/A | 9.8 CRITICAL |
| Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. | |||||
| CVE-2023-43373 | 1 Digitaldruid | 1 Hoteldruid | 2023-09-21 | N/A | 9.8 CRITICAL |
| Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php. | |||||
| CVE-2023-43375 | 1 Digitaldruid | 1 Hoteldruid | 2023-09-21 | N/A | 9.8 CRITICAL |
| Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters. | |||||
| CVE-2023-43377 | 1 Digitaldruid | 1 Hoteldruid | 2023-09-21 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter. | |||||
| CVE-2023-43371 | 1 Digitaldruid | 1 Hoteldruid | 2023-09-21 | N/A | 9.8 CRITICAL |
| Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php. | |||||
| CVE-2023-4092 | 1 Fujitsu | 1 Arconte Aurea | 2023-09-21 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system. | |||||
