Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35851 | 1 Sun.net | 1 Wmpro | 2023-09-20 | N/A | 7.5 HIGH |
| SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database. | |||||
| CVE-2023-41443 | 1 Xxyopen | 1 Novel-plus | 2023-09-20 | N/A | 7.2 HIGH |
| SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sys/menu/list. | |||||
| CVE-2021-26837 | 1 Fortra | 1 Delivernow | 2023-09-20 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information. | |||||
| CVE-2023-41887 | 1 Openrefine | 1 Openrefine | 2023-09-20 | N/A | 9.8 CRITICAL |
| OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue. | |||||
| CVE-2023-41886 | 1 Openrefine | 1 Openrefine | 2023-09-20 | N/A | 7.5 HIGH |
| OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue. | |||||
| CVE-2023-4830 | 1 Turaconsulting | 1 Signalix | 2023-09-20 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tura Signalix allows SQL Injection. This issue affects Signalix: 7T_0228. | |||||
| CVE-2023-4673 | 1 Sanalogi | 1 Turasistan | 2023-09-20 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection. This issue affects Turasistan: before 20230911. | |||||
| CVE-2023-4231 | 1 Cevik | 1 Informatics Online Payment System | 2023-09-20 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cevik Informatics Online Payment System allows SQL Injection. This issue affects Online Payment System: before 4.09. | |||||
| CVE-2023-4670 | 1 Innosa Probbys Project | 1 Innosa Probbys | 2023-09-20 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Innosa Probbys allows SQL Injection. This issue affects Probbys: before 2. | |||||
| CVE-2023-39641 | 1 Activedesign | 1 Full Affiliates | 2023-09-20 | N/A | 9.8 CRITICAL |
| Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent(). | |||||
| CVE-2023-4661 | 1 Saphira | 1 Connect | 2023-09-20 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection. This issue affects Saphira Connect: before 9. | |||||
| CVE-2023-4831 | 1 Weather | 1 Ncode Ncep | 2023-09-20 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncode Ncep allows SQL Injection. This issue affects Ncep: before 20230914. | |||||
| CVE-2023-4835 | 1 Petroleum Management Software Application Project | 1 Petroleum Management Software Application | 2023-09-20 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection. This issue affects Oil Management Software: before 20230912. | |||||
| CVE-2023-4833 | 1 Besttem Network Marketing Project | 1 Besttem Network Marketing | 2023-09-20 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection. This issue affects Network Marketing Software: before 1.0.2309.6. | |||||
| CVE-2023-38891 | 1 Vtiger | 1 Vtiger Crm | 2023-09-20 | N/A | 8.8 HIGH |
| SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php. | |||||
| CVE-2023-39643 | 1 Blmodules | 1 Xmlfeeds Pro | 2023-09-20 | N/A | 9.8 CRITICAL |
| Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds(). | |||||
| CVE-2023-42359 | 1 Exam Form Submission In Php With Source Code Project | 1 Exam Form Submission In Php With Source Code | 2023-09-19 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php. | |||||
| CVE-2023-38912 | 1 Superstorefinder | 1 Php Script | 2023-09-19 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter. | |||||
| CVE-2023-40956 | 1 Cloudroits | 1 Wesite Job Search | 2023-09-19 | N/A | 8.8 HIGH |
| A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component. | |||||
| CVE-2023-40955 | 1 Didotech | 1 Engineering & Lifecycle Management | 2023-09-19 | N/A | 8.8 HIGH |
| A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/base_client.py component. | |||||
