Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35068 | 1 Bma | 1 Personnel Tracking System | 2023-09-11 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BMA Personnel Tracking System allows SQL Injection. This issue affects Personnel Tracking System: before 20230904. | |||||
| CVE-2023-35065 | 1 Osoft | 1 Dyeing - Printing - Finishing Production Management | 2023-09-11 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Osoft Paint Production Management allows SQL Injection. This issue affects Paint Production Management: before 2.1. | |||||
| CVE-2023-41328 | 1 Frappe | 1 Frappe | 2023-09-11 | N/A | 7.5 HIGH |
| Frappe is a low code web framework written in Python and Javascript. A SQL Injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive information. This issue has been addressed in versions 13.46.1 and 14.20.0. Users are advised to upgrade. There's no workaround to fix this without upgrading. | |||||
| CVE-2023-34133 | 1 Sonicwall | 2 Analytics, Global Management System | 2023-09-08 | N/A | 7.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
| CVE-2023-39654 | 1 Abuquant | 1 Abupy | 2023-09-08 | N/A | 9.8 CRITICAL |
| abupy up to v0.4.0 was discovered to contain a SQL injection vulnerability via the component abupy.MarketBu.ABuSymbol.search_to_symbol_dict. | |||||
| CVE-2023-41507 | 1 Superstorefinder | 1 Super Store Finder | 2023-09-08 | N/A | 9.8 CRITICAL |
| Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters. | |||||
| CVE-2023-4531 | 1 Mestav | 1 E-commerce Software | 2023-09-08 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mestav Software E-commerce Software allows SQL Injection. This issue affects E-commerce Software: before 20230901. | |||||
| CVE-2023-4034 | 1 Digitatek | 1 Smartrise Document Management System | 2023-09-08 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digita Information Technology Smartrise Document Management System allows SQL Injection. This issue affects Smartrise Document Management System: before Hvl-2.0. | |||||
| CVE-2023-36361 | 1 Web-audimex | 1 Audimexee | 2023-09-08 | N/A | 9.8 CRITICAL |
| Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter. | |||||
| CVE-2023-3616 | 1 Mava | 1 Hotel Management System | 2023-09-08 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection. This issue affects Hotel Management System: before 2.0. | |||||
| CVE-2023-39980 | 1 Moxa | 1 Mxsecurity | 2023-09-07 | N/A | 8.1 HIGH |
| A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands. | |||||
| CVE-2023-36076 | 1 Pocketmanga | 1 Smanga | 2023-09-07 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote attackers to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in php/history/add.php. | |||||
| CVE-2023-40970 | 1 Slims | 1 Senayan Library Management System | 2023-09-07 | N/A | 8.8 HIGH |
| Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php. | |||||
| CVE-2023-41364 | 1 Metaways | 1 Tine | 2023-09-07 | N/A | 9.8 CRITICAL |
| In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection. | |||||
| CVE-2021-43362 | 1 Meddata | 1 Hbys | 2023-09-07 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection. This issue affects HBYS: from unspecified before 1.1. | |||||
| CVE-2021-43361 | 1 Meddata | 1 Hbys | 2023-09-07 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection. This issue affects HBYS: from unspecified before 1.1. | |||||
| CVE-2023-1863 | 1 Eskom | 1 El Terminali (su Okuma) Uygulamalarimiz | 2023-09-06 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eskom Water Metering Software allows Command Line Execution through SQL Injection. This issue affects Water Metering Software: before 23.04.06. | |||||
| CVE-2023-40771 | 1 Dataease | 1 Dataease | 2023-09-06 | N/A | 7.5 HIGH |
| SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function. | |||||
| CVE-2023-39582 | 1 Chamilo | 1 Chamilo Lms | 2023-09-06 | N/A | 4.9 MEDIUM |
| SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions. | |||||
| CVE-2021-3262 | 1 Trispark | 2 Novusedu, Veo Transportation | 2023-09-05 | N/A | 9.8 CRITICAL |
| TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries. | |||||
