Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31171 | 1 Selinc | 1 Sel-5030 Acselerator Quickset | 2023-09-05 | N/A | 6.5 MEDIUM |
| An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. | |||||
| CVE-2023-41539 | 1 Phpjabbers | 1 Business Directory Script | 2023-09-05 | N/A | 7.5 HIGH |
| phpjabbers Business Directory Script 3.2 is vulnerable to SQL Injection via the column parameter. | |||||
| CVE-2023-31714 | 1 Waqaskanju | 1 Chitor-cms | 2023-09-05 | N/A | 9.8 CRITICAL |
| Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities. | |||||
| CVE-2022-2315 | 1 Databank | 1 Accreditation Tracking\/presentation Module | 2023-09-03 | N/A | 9.4 CRITICAL |
| Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. | |||||
| CVE-2022-2177 | 1 Kayrasoft | 1 Kayrasoft | 2023-09-03 | N/A | 9.4 CRITICAL |
| Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. | |||||
| CVE-2022-1277 | 1 Inavitas | 1 Solar Log | 2023-09-03 | N/A | 9.4 CRITICAL |
| Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability. | |||||
| CVE-2022-0495 | 1 Parantezteknoloji | 1 Koha Library Automation | 2023-09-03 | N/A | 9.4 CRITICAL |
| The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01. | |||||
| CVE-2023-39652 | 1 Themevolty | 1 Theme Volty Video Tab | 2023-09-01 | N/A | 9.8 CRITICAL |
| theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run(). | |||||
| CVE-2023-40787 | 1 Bladex | 1 Springblade | 2023-08-31 | N/A | 9.8 CRITICAL |
| In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection. | |||||
| CVE-2009-2113 | 1 Fretsweb Project | 1 Fretsweb | 2023-08-31 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php. | |||||
| CVE-2022-4427 | 1 Otrs | 1 Otrs | 2023-08-31 | N/A | 9.8 CRITICAL |
| Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | |||||
| CVE-2023-39650 | 1 Themevolty | 1 Theme Volty Cms Blog | 2023-08-31 | N/A | 9.8 CRITICAL |
| Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single. | |||||
| CVE-2022-47605 | 1 Kunalnagar | 1 Custom 404 Pro | 2023-08-30 | N/A | 7.2 HIGH |
| Auth. SQL Injection') vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.7.0 versions. | |||||
| CVE-2023-39560 | 1 Ectouch | 1 Ectouch | 2023-08-29 | N/A | 9.8 CRITICAL |
| ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php. | |||||
| CVE-2023-37434 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 8.1 HIGH |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | |||||
| CVE-2023-37433 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 8.1 HIGH |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | |||||
| CVE-2023-37432 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 8.1 HIGH |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | |||||
| CVE-2023-37431 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 8.1 HIGH |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | |||||
| CVE-2023-37430 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 8.1 HIGH |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | |||||
| CVE-2023-37429 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 8.1 HIGH |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | |||||