Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39122 | 1 Bmc | 1 Control-m | 2023-08-04 | N/A | 9.8 CRITICAL |
| BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200). | |||||
| CVE-2023-37647 | 1 Sem-cms | 1 Semcms | 2023-08-04 | N/A | 9.8 CRITICAL |
| SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php. | |||||
| CVE-2021-35234 | 1 Solarwinds | 1 Orion Platform | 2023-08-03 | 6.5 MEDIUM | 8.8 HIGH |
| Numerous exposed dangerous functions within Orion Core allow for read-only SQL injection leading to privilege escalation. An attacker with low-user privileges may steal password hashes and password salt information. | |||||
| CVE-2020-21662 | 1 Yunyecms | 1 Yunyecms | 2023-08-03 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF. | |||||
| CVE-2023-38992 | 1 Jeecg | 1 Jeecg Boot | 2023-08-03 | N/A | 9.8 CRITICAL |
| jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData. | |||||
| CVE-2022-36961 | 1 Solarwinds | 1 Orion Platform | 2023-08-03 | N/A | 8.8 HIGH |
| A vulnerable component of Orion Platform was vulnerable to SQL Injection; an authenticated attacker could leverage this for privilege escalation or remote code execution. | |||||
| CVE-2023-26859 | 1 Brevo | 1 Brevo | 2023-08-02 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allows a remote attacker to gain privileges via the ajaxOrderTracking.php component. | |||||
| CVE-2008-0491 | 1 Fgallery Project | 1 Fgallery | 2023-08-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter. | |||||
| CVE-2008-0616 | 1 Dmsguestbook Project | 1 Dmsguestbook | 2023-08-02 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
| CVE-2014-4873 | 1 Bmc | 1 Track-it! | 2023-08-02 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data. | |||||
| CVE-2023-35088 | 1 Apache | 1 Inlong | 2023-08-02 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. In the toAuditCkSql method, the groupId, streamId, auditId, and dt are directly concatenated into the SQL query statement, which may lead to SQL injection attacks. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8198 | |||||
| CVE-2023-37258 | 1 Dataease | 1 Dataease | 2023-08-01 | N/A | 9.8 CRITICAL |
| DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds. | |||||
| CVE-2023-30151 | 1 Prestashop | 1 Prestashop | 2023-08-01 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter. | |||||
| CVE-2023-30625 | 1 Rudderstack | 1 Rudder-server | 2023-07-31 | N/A | 8.8 HIGH |
| rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgreSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue. | |||||
| CVE-2023-37361 | 1 Vanderbilt | 1 Redcap | 2023-07-31 | N/A | 2.7 LOW |
| REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization. | |||||
| CVE-2023-37165 | 1 Millhouse-project Project | 1 Millhouse-project | 2023-07-31 | N/A | 9.8 CRITICAL |
| Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via the component /add_post_sql.php. | |||||
| CVE-2023-35066 | 1 Infodrom | 1 E-invoice Approval System | 2023-07-31 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection. This issue affects E-Invoice Approval System: before v.20230701. | |||||
| CVE-2023-3046 | 1 Biltay | 1 Scienta | 2023-07-31 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection. This issue affects Scienta: before 20230630.1953. | |||||
| CVE-2023-1547 | 1 Elra | 1 Parkmatik | 2023-07-31 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection. This issue affects Parkmatik: before 02.01-a51. | |||||
| CVE-2023-26217 | 1 Tibco | 1 Ebx Add-ons | 2023-07-28 | N/A | 8.8 HIGH |
| The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.17 and below, versions 5.6.2 and below, version 6.1.0. | |||||
