Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34752 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2023-06-17 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. | |||||
| CVE-2023-34753 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2023-06-17 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit. | |||||
| CVE-2023-34754 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2023-06-17 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. | |||||
| CVE-2023-34755 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2023-06-17 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit. | |||||
| CVE-2023-34756 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2023-06-17 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit. | |||||
| CVE-2023-35036 | 1 Progress | 1 Moveit Transfer | 2023-06-16 | N/A | 9.1 CRITICAL |
| In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. | |||||
| CVE-2023-33557 | 1 Thedaylightstudio | 1 Fuel Cms | 2023-06-16 | N/A | 8.8 HIGH |
| Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php. | |||||
| CVE-2023-22583 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2023-06-16 | N/A | 9.8 CRITICAL |
| The Danfoss AK-EM100 web forms allow for SQL injection in the login forms. | |||||
| CVE-2023-29630 | 1 Joommasters | 1 Jms Drop Mega Menu | 2023-06-13 | N/A | 9.8 CRITICAL |
| PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php. | |||||
| CVE-2023-29632 | 1 Joommasters | 1 Jmspagebuilder | 2023-06-13 | N/A | 9.8 CRITICAL |
| PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php. | |||||
| CVE-2023-29629 | 1 Jmsthemelayout Project | 1 Jmsthemelayout | 2023-06-13 | N/A | 9.8 CRITICAL |
| PrestaShop jmsthemelayout 2.5.5 is vulnerable to SQL Injection via ajax_jmsvermegamenu.php. | |||||
| CVE-2023-30149 | 2 Ebewe, Prestashop | 2 City Autocomplete, Prestashop | 2023-06-12 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or prior to 2.0.3 (for PrestaShop version 1.7), allows remote attackers to execute arbitrary SQL commands via the type, input_name, or q parameter in the autocompletion.php front controller. | |||||
| CVE-2023-28701 | 1 Elite | 1 Webfax | 2023-06-09 | N/A | 9.8 CRITICAL |
| ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service. | |||||
| CVE-2023-3000 | 1 Erikogluteknoloji | 1 Energy Monitoring | 2023-06-09 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass. This issue affects ErMon: before 230602. | |||||
| CVE-2023-33762 | 1 Simpleredak | 1 Simpleredak | 2023-06-08 | N/A | 9.8 CRITICAL |
| eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter. | |||||
| CVE-2023-29154 | 1 Contec | 1 Conprosys Hmi System | 2023-06-08 | N/A | 7.2 HIGH |
| SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary SQL command via specially crafted input to the query setting page. | |||||
| CVE-2023-33967 | 1 Megaease | 1 Easeprobe | 2023-06-07 | N/A | 9.8 CRITICAL |
| EaseProbe is a tool that can do health/status checking. An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0. | |||||
| CVE-2022-3243 | 1 Smackcoders | 1 Import All Pages, Post Types, Products, Orders, And Users As Xml & Csv | 2023-06-07 | N/A | 7.2 HIGH |
| The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back in SQL statements, leading to SQL injection exploitable by high privilege users such as admin. | |||||
| CVE-2023-33509 | 1 Kramerav | 2 Via Go2, Via Go2 Firmware | 2023-06-06 | N/A | 9.8 CRITICAL |
| KramerAV VIA GO² < 4.0.1.1326 is vulnerable to SQL Injection. | |||||
| CVE-2023-33734 | 1 Bluecms Project | 1 Bluecms | 2023-06-06 | N/A | 9.8 CRITICAL |
| BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php. | |||||
