Total: 11593 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31233 | 1 Fighting Cock Information System Project | 1 Fighting Cock Information System | 2023-06-06 | N/A | 7.5 HIGH |
| SQL injection vulnerability in Fighting Cock Information System v1.0 allows a remote attacker to obtain sensitive information via a parameter of edit_breed.php. | |||||
| CVE-2023-33180 | 1 Xibosignage | 1 Xibo | 2023-06-06 | N/A | 6.5 MEDIUM |
| Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.5 in the `/display/map` API route inside the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values into the `bounds` parameter. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading. | |||||
| CVE-2023-33179 | 1 Xibosignage | 1 Xibo | 2023-06-06 | N/A | 6.5 MEDIUM |
| Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.5 in the `nameFilter` function used throughout the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values for logical operators. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading. | |||||
| CVE-2023-33178 | 1 Xibosignage | 1 Xibo | 2023-06-06 | N/A | 6.5 MEDIUM |
| Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `/dataset/data/{id}` API route inside the CMS starting in version 1.4.0 and prior to versions 2.3.17 and 3.3.5. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values into the `filter` parameter. Values allowed in the filter parameter are checked against a deny list of commands that should not be allowed; however, this check was done in a case-sensitive manner, so it is possible to bypass it by using unusual case combinations (the database engine itself treats keywords case-insensitively). Users should upgrade to version 2.3.17 or 3.3.5, which fix this issue. There are no workarounds aside from upgrading. | |||||
| CVE-2023-33945 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2023-06-02 | N/A | 8.1 HIGH |
| SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is only exploitable when chained with other attacks. To exploit this vulnerability, the attacker must modify the database and wait for the application to be upgraded. | |||||
| CVE-2022-24628 | 1 Audiocodes | 1 Device Manager Express | 2023-06-02 | N/A | 7.2 HIGH |
| An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php. | |||||
| CVE-2022-24627 | 1 Audiocodes | 1 Device Manager Express | 2023-06-02 | N/A | 9.8 CRITICAL |
| An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form. | |||||
| CVE-2023-33279 | 1 Scfixmyprestashop Project | 1 Scfixmyprestashop | 2023-06-01 | N/A | 9.8 CRITICAL |
| In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be reached with a trivial HTTP request and exploited for blind SQL injection. | |||||
| CVE-2023-33278 | 1 Storecommander | 1 Customers Export | 2023-06-01 | N/A | 9.8 CRITICAL |
| In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be reached with a trivial HTTP request and exploited for blind SQL injection. | |||||
| CVE-2023-33280 | 1 Storecommander | 1 Quickaccounting | 2023-06-01 | N/A | 9.8 CRITICAL |
| In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be reached with a trivial HTTP request and exploited for blind SQL injection. | |||||
| CVE-2022-30025 | 1 Credenceanalytics | 1 Ideal - Wealth And Funds | 2023-05-31 | N/A | 6.5 MEDIUM |
| SQL injection in the "/Framewrk/Home.jsp" file (POST method) in Credence Analytics iDEAL Wealth and Funds 1.0 allows authenticated remote attackers to inject a payload via the "v" parameter. | |||||
| CVE-2023-2750 | 1 Cityboss | 1 E-municipality | 2023-05-31 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cityboss E-municipality allows SQL Injection. This issue affects E-municipality: before 6.05. | |||||
| CVE-2023-2064 | 1 Minovateknoloji | 1 Etrace | 2023-05-31 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Minova Technology eTrace allows SQL Injection. This issue affects eTrace: before 23.05.20. | |||||
| CVE-2023-2045 | 1 Ipekyolunet | 1 Software Auto Damage Tracking Software | 2023-05-31 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ipekyolu Software Auto Damage Tracking Software allows SQL Injection. This issue affects Auto Damage Tracking Software: before 4. | |||||
| CVE-2023-1508 | 1 Adampos | 1 Mobilmen El Terminali Yazilimi | 2023-05-30 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection. This issue affects Mobilmen Terminal Software: before 3. | |||||
| CVE-2023-31752 | 1 Employee And Visitor Gate Pass Logging System Project | 1 Employee And Visitor Gate Pass Logging System | 2023-05-30 | N/A | 9.8 CRITICAL |
| SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php. | |||||
| CVE-2023-33361 | 1 Piwigo | 1 Piwigo | 2023-05-30 | N/A | 9.8 CRITICAL |
| Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php. | |||||
| CVE-2023-33362 | 1 Piwigo | 1 Piwigo | 2023-05-30 | N/A | 9.8 CRITICAL |
| Piwigo 13.6.0 is vulnerable to SQL Injection via the "profile" function. | |||||
| CVE-2023-33439 | 1 Faculty Evaluation System Project | 1 Faculty Evaluation System | 2023-05-29 | N/A | 7.2 HIGH |
| SourceCodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via the id parameter of /eval/admin/manage_task.php. | |||||
| CVE-2023-0620 | 1 Hashicorp | 1 Vault | 2023-05-26 | N/A | 6.7 MEDIUM |
| HashiCorp Vault and Vault Enterprise versions from 0.8.0 up to, but not including, the fixed releases listed below are vulnerable to SQL injection when the Microsoft SQL (MSSQL) database storage backend is configured. When the MSSQL backend is configured through the local configuration file, certain parameters are not sanitized before being passed to the user-provided MSSQL database, so an attacker who can modify these parameters can execute arbitrary SQL commands. This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9. | |||||
