Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31944 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2023-08-18 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_edit.php. | |||||
| CVE-2023-31945 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2023-08-18 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the id parameter at daily_expenditure_edit.php. | |||||
| CVE-2023-39850 | 1 Schoolmate Project | 1 Schoolmate | 2023-08-18 | N/A | 9.8 CRITICAL |
| Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php. | |||||
| CVE-2021-29378 | 1 Pearadmin | 1 Pear Admin Think | 2023-08-18 | N/A | 8.8 HIGH |
| SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php. | |||||
| CVE-2023-3864 | 2 Microsoft, Snowsoftware | 2 Windows, Snow License Manager | 2023-08-18 | N/A | 7.2 HIGH |
| Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal. | |||||
| CVE-2023-37847 | 1 Novel-plus | 1 Novel-plus | 2023-08-18 | N/A | 9.8 CRITICAL |
| novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2020-36034 | 1 School Faculty Scheduling System Project | 1 School Faculty Scheduling System | 2023-08-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via crafted payload to id parameter in manage_user.php. | |||||
| CVE-2020-24950 | 1 Thedaylightstudio | 1 Fuel Cms | 2023-08-16 | N/A | 8.8 HIGH |
| SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items. | |||||
| CVE-2020-36136 | 1 Cskaza | 1 Cszcms | 2023-08-15 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php. | |||||
| CVE-2023-39806 | 1 Idreamsoft | 1 Icms | 2023-08-15 | N/A | 9.8 CRITICAL |
| iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function. | |||||
| CVE-2023-39805 | 1 Idreamsoft | 1 Icms | 2023-08-15 | N/A | 9.8 CRITICAL |
| iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php. | |||||
| CVE-2023-37068 | 1 Sherlock | 1 Gym Management System | 2023-08-15 | N/A | 9.8 CRITICAL |
| Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks. | |||||
| CVE-2023-37069 | 1 Online Hospital Management System Project | 1 Online Hospital Management System | 2023-08-15 | N/A | 9.8 CRITICAL |
| Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login process, enabling an attacker to inject malicious SQL code. | |||||
| CVE-2023-33993 | 1 Sap | 1 Business One | 2023-08-15 | N/A | 7.5 HIGH |
| B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. On successful exploitation, the attacker can cause high impact on confidentiality, integrity and availability of the application. | |||||
| CVE-2023-3651 | 1 Digital-ant | 1 Digital Ant | 2023-08-15 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 11. | |||||
| CVE-2023-34545 | 1 Cskaza | 1 Cszcms | 2023-08-11 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL. | |||||
| CVE-2023-3522 | 1 A2technology | 1 License Portal System | 2023-08-11 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection.This issue affects License Portal System: before 1.48. | |||||
| CVE-2023-3386 | 1 A2technology | 1 Camera Trap Tracking System | 2023-08-11 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 Camera Trap Tracking System allows SQL Injection.This issue affects Camera Trap Tracking System: before 3.1905. | |||||
| CVE-2023-3717 | 1 Farmakom | 1 Remote Administration Console | 2023-08-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection.This issue affects Remote Administration Console: before 1.02. | |||||
| CVE-2023-27411 | 1 Siemens | 1 Ruggedcom Crossbow | 2023-08-10 | N/A | 8.8 HIGH |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications is vulnerable to SQL injection. This could allow an authenticated remote attackers to execute arbitrary SQL queries on the server database and escalate privileges. | |||||