Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34735 | 1 Property Cloud Platform Management Center Project | 1 Property Cloud Platform Management Center | 2023-07-06 | N/A | 9.8 CRITICAL |
| Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection. | |||||
| CVE-2023-34418 | 1 Lenovo | 1 Xclarity Administrator | 2023-07-06 | N/A | 8.1 HIGH |
| A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API. | |||||
| CVE-2023-36663 | 1 It-novum | 1 Openitcockpit | 2023-07-05 | N/A | 8.8 HIGH |
| it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface. | |||||
| CVE-2022-47614 | 1 Inspireui | 1 Mstore Api | 2023-07-03 | N/A | 7.5 HIGH |
| Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plugin <= 3.9.7 versions. | |||||
| CVE-2023-32529 | 1 Trendmicro | 1 Apex Central | 2023-06-30 | N/A | 8.8 HIGH |
| Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32530. | |||||
| CVE-2023-2080 | 1 Forcepoint | 2 Email Security, Web Security | 2023-06-30 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection. | |||||
| CVE-2023-32530 | 1 Trendmicro | 1 Apex Central | 2023-06-30 | N/A | 8.8 HIGH |
| Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32529. | |||||
| CVE-2023-34601 | 1 Jeesite | 1 Jeesite | 2023-06-30 | N/A | 9.8 CRITICAL |
| Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml. | |||||
| CVE-2023-36284 | 1 Webkul | 1 Qloapps | 2023-06-30 | N/A | 7.5 HIGH |
| An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database. | |||||
| CVE-2023-32754 | 1 Thinkingsoftware | 1 Efence | 2023-06-30 | N/A | 9.8 CRITICAL |
| Thinking Software Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database. | |||||
| CVE-2023-2907 | 1 Marksoft | 1 Marksoft | 2023-06-29 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7; Login:1.4; API:20230605. | |||||
| CVE-2022-47593 | 1 Rapidload | 1 Rapidload Power-up For Autoptimize | 2023-06-28 | N/A | 6.5 MEDIUM |
| Auth. (subscriber+) SQL Injection (SQLi) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize plugin <= 1.6.35 versions. | |||||
| CVE-2020-20636 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2023-06-27 | N/A | 7.5 HIGH |
| SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad() function. | |||||
| CVE-2020-20491 | 1 Opencart | 1 Opencart | 2023-06-27 | N/A | 7.2 HIGH |
| SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php. | |||||
| CVE-2020-20413 | 1 Wuzhicms | 1 Wuzhicms | 2023-06-27 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php. | |||||
| CVE-2023-34600 | 1 Adiscon | 1 Loganalyzer | 2023-06-27 | N/A | 9.8 CRITICAL |
| Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection. | |||||
| CVE-2020-21400 | 1 Phpmywind | 1 Phpmywind | 2023-06-27 | N/A | 7.2 HIGH |
| SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function. | |||||
| CVE-2020-21486 | 1 Phpok | 1 Phpok | 2023-06-27 | N/A | 7.5 HIGH |
| SQL injection vulnerability in PHPOK v.5.4 allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file. | |||||
| CVE-2022-47586 | 1 Themefic | 1 Ultimate Addons For Contact Form 7 | 2023-06-27 | N/A | 9.8 CRITICAL |
| Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.1.23 versions. | |||||
| CVE-2023-34603 | 1 Jeecg | 1 Jeecgboot | 2023-06-27 | N/A | 7.5 HIGH |
| JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController. | |||||
