Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40958 | 1 Didotech | 1 Engineering & Lifecycle Management | 2023-09-19 | N/A | 8.8 HIGH |
| A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/base_client.py component. | |||||
| CVE-2023-40957 | 1 Didotech | 1 Engineering & Lifecycle Management | 2023-09-19 | N/A | 8.8 HIGH |
| A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the request parameter in models/base_client.py component. | |||||
| CVE-2023-39639 | 1 Leotheme | 1 Leoblog | 2023-09-19 | N/A | 9.8 CRITICAL |
| LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the component LeoBlogBlog::getListBlogs. | |||||
| CVE-2023-42405 | 1 Fit2cloud | 1 Rackshift | 2023-09-19 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary code via the `sort` parameter to taskService.list(), bareMetalService.list(), and switchService.list(). | |||||
| CVE-2023-39642 | 1 Carts.guru | 1 Cartsguru | 2023-09-19 | N/A | 9.8 CRITICAL |
| Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::display(). | |||||
| CVE-2023-4766 | 1 Movus | 1 Movus | 2023-09-19 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Movus allows SQL Injection. This issue affects Movus: before 20230913. | |||||
| CVE-2023-4832 | 1 Acekaholding | 1 Company Management | 2023-09-19 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aceka Company Management allows SQL Injection. This issue affects Company Management: before 3072. | |||||
| CVE-2023-42178 | 1 Lenosp | 1 Lenosp | 2023-09-19 | N/A | 6.5 MEDIUM |
| Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module. | |||||
| CVE-2021-45811 | 1 Enhancesoft | 1 Osticket | 2023-09-18 | N/A | 6.5 MEDIUM |
| A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination. | |||||
| CVE-2023-4928 | 1 Instantcms | 1 Icms2 | 2023-09-15 | N/A | 7.2 HIGH |
| SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1. | |||||
| CVE-2023-35683 | 1 Google | 1 Android | 2023-09-14 | N/A | 5.5 MEDIUM |
| In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-35121 | 1 Xxyopen | 1 Novel-plus | 2023-09-13 | N/A | 9.8 CRITICAL |
| Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java. | |||||
| CVE-2023-4899 | 1 Mintplexlabs | 1 Anything-llm | 2023-09-13 | N/A | 8.8 HIGH |
| SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. | |||||
| CVE-2023-40944 | 1 Schoolmate Project | 1 Schoolmate | 2023-09-13 | N/A | 9.8 CRITICAL |
| Schoolmate 1.3 is vulnerable to SQL Injection in the variable $schoolname from Database at ~\header.php. | |||||
| CVE-2023-40945 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2023-09-13 | N/A | 9.8 CRITICAL |
| Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php. | |||||
| CVE-2023-40946 | 1 Schoolmate Project | 1 Schoolmate | 2023-09-13 | N/A | 9.8 CRITICAL |
| Schoolmate 1.3 is vulnerable to SQL Injection in the variable $username from SESSION in ValidateLogin.php. | |||||
| CVE-2023-42268 | 1 Jeecg | 1 Jeecg Boot | 2023-09-12 | N/A | 9.8 CRITICAL |
| Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show. | |||||
| CVE-2023-39423 | 1 Resortdata | 1 Internet Reservation Module Next Generation | 2023-09-12 | N/A | 9.1 CRITICAL |
| The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs, among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obtain the currently valid sessions and impersonate a currently logged-in user. | |||||
| CVE-2023-41640 | 1 Grupposcai | 1 Realgimm | 2023-09-11 | N/A | 8.8 HIGH |
| An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query. | |||||
| CVE-2023-35072 | 1 Coyavtravel | 1 Proagent | 2023-09-11 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Coyav Travel Proagent allows SQL Injection. This issue affects Proagent: before 20230904. | |||||
