Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31753 | 1 Endonesia | 1 Endonesia | 2023-07-27 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary SQL commands via the "rid=" parameter. | |||||
| CVE-2023-25839 | 3 Apple, Esri, Microsoft | 3 Macos, Arcgis Insights, Windows | 2023-07-27 | N/A | 7.0 HIGH |
| There is an SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected. | |||||
| CVE-2023-37278 | 1 Glpi-project | 1 Glpi | 2023-07-27 | N/A | 9.1 CRITICAL |
| GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An administrator can trigger SQL injection via dashboards administration. This vulnerability has been patched in version 10.0.9. | |||||
| CVE-2021-37522 | 1 Locke-bot Project | 1 Locke-bot | 2023-07-27 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote attackers to run arbitrary SQL commands via crafted string to /src/db.js, /commands/mute.js, /modules/event/messageDelete.js. | |||||
| CVE-2023-30153 | 1 Prestashop | 1 Payplug | 2023-07-27 | N/A | 9.8 CRITICAL |
| An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller. | |||||
| CVE-2023-28019 | 1 Hcltech | 1 Bigfix Webui | 2023-07-27 | N/A | 8.8 HIGH |
| Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. | |||||
| CVE-2023-37472 | 1 Eng | 1 Knowage | 2023-07-27 | N/A | 6.5 MEDIUM |
| Knowage is an open source suite for business analytics. The application often uses user-supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries that will break subsequent SQL queries generated by the Hibernate engine. The endpoint `/knowage/restful-services/2.0/documents/listDocument` calls the `countBIObjects` method of the `BIObjectDAOHibImpl` object with the user-supplied `label` parameter without prior sanitization. This can lead to SQL injection in the backing database. Other injections have been identified in the application as well. An authenticated attacker with low privileges could leverage this vulnerability in order to retrieve sensitive information from the database, such as account credentials or business information. This issue has been addressed in version 8.1.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-3743 | 1 Leothemes | 1 Ap Page Builder | 2023-07-27 | N/A | 7.5 HIGH |
| Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the product_one_img parameter to retrieve the information stored in the database. | |||||
| CVE-2023-3820 | 1 Pimcore | 1 Pimcore | 2023-07-26 | N/A | 7.2 HIGH |
| SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4. | |||||
| CVE-2023-2963 | 1 Olivaekspertiz | 1 Oliva Ekspertiz | 2023-07-26 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection. This issue affects Oliva Expertise EKS: before 1.2. | |||||
| CVE-2023-3673 | 1 Pimcore | 1 Pimcore | 2023-07-26 | N/A | 7.2 HIGH |
| SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24. | |||||
| CVE-2023-3376 | 1 Dijital | 1 Zekiweb | 2023-07-26 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection. This issue affects Zekiweb: before 2. | |||||
| CVE-2023-23660 | 1 Mainwp | 1 Mainwp Maintenance Extension | 2023-07-26 | N/A | 8.8 HIGH |
| Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP MainWP Maintenance Extension plugin <= 4.1.1 versions. | |||||
| CVE-2023-35070 | 1 Vegagroup | 1 Web Collection | 2023-07-25 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection. This issue affects Web Collection: before 31197. | |||||
| CVE-2023-2957 | 1 Lisayazilim | 1 Florist Site | 2023-07-20 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection. This issue affects Florist Site: before 3.0. | |||||
| CVE-2023-37627 | 1 Code-projects | 1 Online Restaurant Management System | 2023-07-20 | N/A | 9.8 CRITICAL |
| Code-projects Online Restaurant Management System 1.0 is vulnerable to SQL Injection. Through SQL injection, an attacker can bypass the admin panel and view order records, add items, delete items etc. | |||||
| CVE-2023-37628 | 1 Simple Online Piggery Management System Project | 1 Simple Online Piggery Management System | 2023-07-20 | N/A | 9.8 CRITICAL |
| Online Piggery Management System 1.0 is vulnerable to SQL Injection. | |||||
| CVE-2023-37196 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2023-07-19 | N/A | 8.8 HIGH |
| A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the alert settings of endpoints on DCE. | |||||
| CVE-2023-37197 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2023-07-19 | N/A | 8.8 HIGH |
| A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the mass configuration settings of endpoints on DCE. | |||||
| CVE-2023-26861 | 1 Vivawallet | 1 Viva Wallet | 2023-07-18 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attacker to gain privileges via the vivawallet() module. | |||||
