Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34602 | 1 Jeecg | 1 Jeecgboot | 2023-06-27 | N/A | 7.5 HIGH |
| JeecgBoot up to v3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController. | |||||
| CVE-2021-26634 | 2 Linux, Maxb | 2 Linux Kernel, Maxboard | 2023-06-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of the files that make up Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell. | |||||
| CVE-2023-35782 | 1 Ipandlanguageredirect Project | 1 Ipandlanguageredirect | 2023-06-26 | N/A | 9.8 CRITICAL |
| The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection. | |||||
| CVE-2023-32115 | 1 Sap | 1 Master Data Synchronization | 2023-06-26 | N/A | 6.1 MEDIUM |
| An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system. | |||||
| CVE-2023-31672 | 1 Prestashop | 1 Prestashop | 2023-06-24 | N/A | 9.8 CRITICAL |
| In the PrestaShop module "Length, weight or volume sell" (ailinear) before 2.4.3, there is a SQL injection vulnerability. | |||||
| CVE-2023-34659 | 1 Jeecg | 1 Jeecg Boot | 2023-06-23 | N/A | 9.8 CRITICAL |
| jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability via the id parameter of the /jeecg-boot/jmreport/show interface. | |||||
| CVE-2023-35064 | 1 Satos | 1 Satos Mobile | 2023-06-23 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering. This issue affects Satos Mobile: before 20230607. | |||||
| CVE-2023-34249 | 1 Pybb Project | 1 Pybb | 2023-06-23 | N/A | 9.8 CRITICAL |
| benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, a user may be able to update the software manually to avoid this problem by sanitizing user queries to `BulletinDatabaseModule.py`. | |||||
| CVE-2023-31671 | 1 Webbax | 1 Postfinance | 2023-06-23 | N/A | 9.8 CRITICAL |
| PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via PostfinanceValidationModuleFrontController::postProcess(). | |||||
| CVE-2023-30150 | 1 Leotheme | 1 Leocustomajax | 2023-06-23 | N/A | 9.8 CRITICAL |
| PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php. | |||||
| CVE-2023-34362 | 1 Progress | 2 Moveit Cloud, Moveit Transfer | 2023-06-23 | N/A | 9.8 CRITICAL |
| In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019.x) before the five explicitly mentioned versions are affected, including older unsupported versions. | |||||
| CVE-2023-34548 | 1 Simple Customer Relationship Management Project | 1 Simple Customer Relationship Management | 2023-06-22 | N/A | 9.8 CRITICAL |
| Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter. | |||||
| CVE-2023-34626 | 1 Piwigo | 1 Piwigo | 2023-06-22 | N/A | 4.3 MEDIUM |
| Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function. | |||||
| CVE-2023-27637 | 1 Tshirtecommerce | 1 Custom Product Designer | 2023-06-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised product_id GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL injection. This is exploited in the wild in March 2023. | |||||
| CVE-2023-27638 | 1 Tshirtecommerce | 1 Custom Product Designer | 2023-06-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommerce_design_cart_id GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and updateCustomizationTable, which could lead to a SQL injection. This is exploited in the wild in March 2023. | |||||
| CVE-2023-3047 | 1 Tmtmakine | 2 Lockcell, Lockcell Firmware | 2023-06-20 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection. This issue affects Lockcell: before 15. | |||||
| CVE-2023-35708 | 1 Progress | 1 Moveit Transfer | 2023-06-20 | N/A | 9.8 CRITICAL |
| In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3). | |||||
| CVE-2023-33817 | 1 Digitaldruid | 1 Hoteldruid | 2023-06-17 | N/A | 8.8 HIGH |
| hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2023-34750 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2023-06-17 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit. | |||||
| CVE-2023-34751 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2023-06-17 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit. | |||||
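Most of the entries above (the JeecgBoot `id`, bloofox `cid`/`gid`, tshirtecommerce `product_id` and `tshirtecommerce_design_cart_id`, and the PrestaShop front-controller cases) share one pattern: a request parameter that is expected to be an integer is spliced straight into a SQL statement. The following is an added example, not code from any of the listed products or vendors; it reproduces that class of bug against a constructed in-memory SQLite table, shows why a payload with no quote characters still works against an unquoted numeric placeholder, how a boolean-based blind probe infers database contents without any error output (the behaviour the MOVEit entries describe as "infer information about the structure and contents"), and what the parameterized fix looks like. The table, rows and function names are all assumptions made for the demonstration.

```python
"""
Added example (not code from any of the listed products): the recurring
pattern in this table is an integer-looking request parameter (id, cid,
gid, product_id, ...) concatenated into a SQL string. This reproduces the
class of bug against an in-memory SQLite database and shows the
parameterized fix. The users table and its rows are constructed sample data.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for an application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "alice@example.test"),
         (2, "bob", "bob@example.test"),
         (3, "carol", "carol@example.test")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, raw_id: str) -> list:
    """Vulnerable: the request parameter is concatenated into the statement.
    Because the placeholder is unquoted (it "looks numeric"), a payload that
    contains no quote characters at all still rewrites the WHERE clause."""
    sql = "SELECT id, name, email FROM users WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def lookup_fixed(conn: sqlite3.Connection, raw_id: str) -> list:
    """Hardened: enforce the type the parameter is supposed to have, then bind
    it. Rejecting non-integers up front gives a clean client error instead of
    a database error message that leaks schema details."""
    try:
        id_value = int(raw_id)
    except ValueError:
        return []
    return conn.execute(
        "SELECT id, name, email FROM users WHERE id = ?", (id_value,)
    ).fetchall()


def demo() -> dict:
    """Run the same inputs through both lookups and return the row counts."""
    conn = make_db()
    benign = "2"
    # Tautology payload: the vulnerable query returns every row.
    tautology = "2 OR 1=1"
    # Boolean-based blind probes: the row comes back only when the guess about
    # the first character of bob's email is right, so contents can be read one
    # character at a time without any data or error ever being echoed.
    blind_true = "2 AND substr((SELECT email FROM users WHERE id=2),1,1)='b'"
    blind_false = "2 AND substr((SELECT email FROM users WHERE id=2),1,1)='x'"
    return {
        "vuln_benign": len(lookup_vulnerable(conn, benign)),
        "vuln_tautology": len(lookup_vulnerable(conn, tautology)),
        "vuln_blind_true": len(lookup_vulnerable(conn, blind_true)),
        "vuln_blind_false": len(lookup_vulnerable(conn, blind_false)),
        "fixed_benign": len(lookup_fixed(conn, benign)),
        "fixed_tautology": len(lookup_fixed(conn, tautology)),
        "fixed_blind": len(lookup_fixed(conn, blind_true)),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows} row(s)")
```

The blind probe is the part worth studying when triaging entries that only say "infer information about the structure and contents of the database": the application never returns an error or any extra data, only a different row count, which is enough to reconstruct values. Note that the fix is the bound parameter, not the `int()` check alone; type validation is defence in depth, and string-typed parameters (the `email` parameter in the Simple CRM entry, for instance) need the bound placeholder with no cast available to help.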
