Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47984 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-05-26 | N/A | 9.8 CRITICAL |
| IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163. | |||||
| CVE-2023-2832 | 1 Bumsys Project | 1 Bumsys | 2023-05-26 | N/A | 7.2 HIGH |
| SQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0. | |||||
| CVE-2023-31707 | 1 Sem-cms | 1 Semcms | 2023-05-26 | N/A | 9.8 CRITICAL |
| SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php. | |||||
| CVE-2023-2756 | 1 Pimcore | 1 Customer Management Framework | 2023-05-25 | N/A | 7.2 HIGH |
| SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10. | |||||
| CVE-2023-27233 | 1 Piwigo | 1 Piwigo | 2023-05-25 | N/A | 8.8 HIGH |
| Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php. | |||||
| CVE-2023-29985 | 1 Student Study Center Desk Management System Project | 1 Student Study Center Desk Management System | 2023-05-25 | N/A | 9.8 CRITICAL |
| Sourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.php#date_from has a SQL Injection vulnerability. | |||||
| CVE-2023-32308 | 1 Anuko | 1 Time Tracker | 2023-05-25 | N/A | 9.8 CRITICAL |
| anuko timetracker is an open source time tracking system. Boolean-based blind SQL injection vulnerability existed in Time Tracker invoices.php in versions prior to 1.22.11.5781. This was happening because of a coding error after validating parameters in POST requests. There was no check for errors before adjusting invoice sorting order. Because of this, it was possible to craft a POST request with malicious SQL for Time Tracker database. This issue has been fixed in version 1.22.11.5781. Users are advised to upgrade. Users unable to upgrade may insert an additional check for errors in a condition before calling `ttGroupHelper::getActiveInvoices()` in invoices.php. | |||||
| CVE-2023-30191 | 1 Cdesigner Project | 1 Cdesigner | 2023-05-25 | N/A | 9.8 CRITICAL |
| PrestaShop cdesigner < 3.1.9 is vulnerable to SQL Injection via CdesignerTraitementModuleFrontController::initContent(). | |||||
| CVE-2023-27742 | 1 Idurar Project | 1 Idurar | 2023-05-25 | N/A | 9.8 CRITICAL |
| IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login. | |||||
| CVE-2023-31702 | 1 Escanav | 1 Escan Management Console | 2023-05-25 | N/A | 7.2 HIGH |
| SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows a remote attacker to dump the entire database and gain windows XP command shell to perform code execution on the database server via GetUserCurrentPwd?UsrId=1. | |||||
| CVE-2023-29809 | 1 Companymaps Project | 1 Companymaps | 2023-05-25 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request. | |||||
| CVE-2023-30189 | 1 Posthemes | 1 Posstaticblocks | 2023-05-24 | N/A | 9.8 CRITICAL |
| PrestaShop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via posstaticblocks::getPosCurrentHook(). | |||||
| CVE-2023-31611 | 1 Openlinksw | 1 Virtuoso | 2023-05-24 | N/A | 7.5 HIGH |
| An issue in the __libc_longjmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2023-1934 | 1 Sdg | 1 Pnpscada | 2023-05-24 | N/A | 7.5 HIGH |
| The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and passively. Consequently, malicious actors could gain access to vital information, such as Industrial Control System (ICS) and OT data, alongside other sensitive records like SMS and SMS Logs. The unauthorized database access exposes compromised systems to potential manipulation or breach of essential infrastructure data, highlighting the severity of this vulnerability. | |||||
| CVE-2023-30245 | 1 Judging Management System Project | 1 Judging Management System | 2023-05-24 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the crit_id parameter of the edit_criteria.php file. | |||||
| CVE-2023-32306 | 1 Anuko | 1 Time Tracker | 2023-05-24 | N/A | 9.8 CRITICAL |
| Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the `reports.php` page was not validating all parameters in POST requests. Because some parameters were not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue is fixed in version 1.22.13.5792. As a workaround, use the fixed code in `ttReportHelper.class.php` from version 1.22.13.5792. | |||||
| CVE-2019-10692 | 1 Codecabin | 1 Wp Go Maps | 2023-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement. | |||||
| CVE-2023-31607 | 1 Openlinksw | 1 Virtuoso | 2023-05-23 | N/A | 7.5 HIGH |
| An issue in the __libc_malloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2023-31608 | 1 Openlinksw | 1 Virtuoso | 2023-05-23 | N/A | 7.5 HIGH |
| An issue in the artm_div_int component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2023-31609 | 1 Openlinksw | 1 Virtuoso | 2023-05-23 | N/A | 7.5 HIGH |
| An issue in the dfe_unit_col_loci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
