Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23966 | 1 Victor Cms Project | 1 Victor Cms | 2023-05-12 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request. | |||||
| CVE-2023-30018 | 1 Judging Management System Project | 1 Judging Management System | 2023-05-11 | N/A | 9.8 CRITICAL |
| Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/review_se_result.php?mainevent_id=. | |||||
| CVE-2023-24788 | 1 Notrinos | 1 Notrinoserp | 2023-05-11 | N/A | 8.8 HIGH |
| NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php. | |||||
| CVE-2023-30242 | 1 Netentsec | 1 Application Security Gateway | 2023-05-11 | N/A | 9.8 CRITICAL |
| NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php. | |||||
| CVE-2023-30243 | 1 Netentsec | 1 Application Security Gateway | 2023-05-11 | N/A | 7.5 HIGH |
| Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable to SQL Injection via TunnelId that allows access to sensitive information. | |||||
| CVE-2023-30203 | 1 Judging Management System Project | 1 Judging Management System | 2023-05-10 | N/A | 9.8 CRITICAL |
| Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php. | |||||
| CVE-2023-23470 | 1 Ibm | 1 I | 2023-05-10 | N/A | 7.2 HIGH |
| IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510. | |||||
| CVE-2023-27568 | 1 Spryker | 1 Commerce Os | 2023-05-10 | N/A | 8.8 HIGH |
| SQL injection vulnerability in Spryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchForm[searchText]= | |||||
| CVE-2023-30077 | 1 Judging Management System Project | 1 Judging Management System | 2023-05-10 | N/A | 9.8 CRITICAL |
| Judging Management System v1.0 by oretnom23 was discovered to be vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id. | |||||
| CVE-2023-31433 | 1 Evasys | 1 Evasys | 2023-05-09 | N/A | 8.8 HIGH |
| A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allows authenticated attackers to execute SQL statements via the welche parameter. | |||||
| CVE-2023-30204 | 1 Judging Management System Project | 1 Judging Management System | 2023-05-09 | N/A | 9.8 CRITICAL |
| Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php. | |||||
| CVE-2023-30850 | 1 Pimcore | 1 Pimcore | 2023-05-09 | N/A | 8.8 HIGH |
| Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually. | |||||
| CVE-2023-26813 | 1 Wang.market | 1 Wangmarket Cms | 2023-05-09 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tableView.do. | |||||
| CVE-2023-26781 | 1 Chshcms | 1 Mccms | 2023-05-08 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center -> Reader Comments -> Search. | |||||
| CVE-2012-5872 | 1 Arc2 Project | 1 Arc2 | 2023-05-05 | N/A | 9.8 CRITICAL |
| ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause. | |||||
| CVE-2023-30849 | 1 Pimcore | 1 Pimcore | 2023-05-05 | N/A | 8.8 HIGH |
| Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually. | |||||
| CVE-2023-30848 | 1 Pimcore | 1 Pimcore | 2023-05-05 | N/A | 8.8 HIGH |
| Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually. | |||||
| CVE-2023-2338 | 1 Pimcore | 1 Pimcore | 2023-05-04 | N/A | 8.8 HIGH |
| SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21. | |||||
| CVE-2023-30112 | 1 Medicine Tracker System Project | 1 Medicine Tracker System | 2023-05-04 | N/A | 7.5 HIGH |
| Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection. | |||||
| CVE-2023-30545 | 1 Prestashop | 1 Prestashop | 2023-05-04 | N/A | 6.5 MEDIUM |
| PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives the user access to critical information. A patch is available in PrestaShop 8.0.4 and PS 1.7.8.9. | |||||
