Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3872 | 1 Dlink | 2 Dap-1350, Dap-1350 Firmware | 2023-04-26 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password. | |||||
| CVE-2023-27844 | 1 Litextension | 1 Leurlrewrite | 2023-04-26 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability found in PrestaShop leurlrewrite v.1.0 and before allows a remote attacker to gain privileges via the Dispatcher::getController component. | |||||
| CVE-2022-46764 | 2 Microsoft, Trueconf | 2 Windows, Server | 2023-04-26 | N/A | 9.8 CRITICAL |
| A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution. | |||||
| CVE-2022-46763 | 2 Microsoft, Trueconf | 2 Windows, Server | 2023-04-26 | N/A | 8.8 HIGH |
| A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code. | |||||
| CVE-2021-36520 | 1 Washington | 1 I-tech Trainsmart | 2023-04-25 | N/A | 7.5 HIGH |
| A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via an evaluation/assign-evaluation?id= URI. | |||||
| CVE-2023-27610 | 1 Transbank | 1 Transbank Webpay Rest | 2023-04-25 | N/A | 7.2 HIGH |
| Auth. (admin+) SQL Injection (SQLi) vulnerability in TransbankDevelopers Transbank Webpay REST plugin <= 1.6.6 versions. | |||||
| CVE-2023-1723 | 1 Vegayazilim | 1 Mobile Assistant | 2023-04-25 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veragroup Mobile Assistant allows SQL Injection. This issue affects Mobile Assistant: before 21.S.2343. | |||||
| CVE-2022-45030 | 1 Rconfig | 1 Rconfig | 2023-04-24 | N/A | 8.8 HIGH |
| A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv). | |||||
| CVE-2022-42245 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2023-04-24 | N/A | 9.8 CRITICAL |
| Dreamer CMS 4.0.01 is vulnerable to SQL Injection. | |||||
| CVE-2023-27667 | 1 Auto Dealer Management System Project | 1 Auto Dealer Management System | 2023-04-21 | N/A | 9.8 CRITICAL |
| Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2023-29598 | 1 Lmxcms | 1 Lmxcms | 2023-04-21 | N/A | 9.8 CRITICAL |
| lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability via the setbook parameter at index.php. | |||||
| CVE-2023-27779 | 1 Amsystem | 1 Am Presencia | 2023-04-21 | N/A | 9.8 CRITICAL |
| AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerability via the user parameter in the login form. | |||||
| CVE-2023-27649 | 1 Bestools | 1 Trusted Tools Free Music | 2023-04-21 | N/A | 7.5 HIGH |
| SQL injection vulnerability found in Trusted Tools Free Music v.2.1.0.47, v.2.0.0.46, v.1.9.1.45, v.1.8.2.43 allows a remote attacker to cause a denial of service via the search history table. | |||||
| CVE-2023-29622 | 1 Purchase Order Management Project | 1 Purchase Order Management | 2023-04-20 | N/A | 9.8 CRITICAL |
| Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php. | |||||
| CVE-2023-29626 | 1 Yoga Class Registration System Project | 1 Yoga Class Registration System | 2023-04-20 | N/A | 7.5 HIGH |
| Yoga Class Registration System 1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at /admin/login.php. | |||||
| CVE-2023-27032 | 1 Idnovate | 1 Popup Module (on Entering, Exit Popup, Add Product) And Newsletter | 2023-04-19 | N/A | 9.8 CRITICAL |
| Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups(). | |||||
| CVE-2023-30465 | 1 Apache | 1 Inlong | 2023-04-18 | N/A | 5.3 MEDIUM |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType" parameter and the ordering of the returned content using an SQL injection attack, an attacker can extract the username of the user with ID 1 from the "user" table, one character at a time. Users are advised to upgrade to Apache InLong's 1.6.0 or cherry-pick [1] to solve it. https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html [1] https://github.com/apache/inlong/issues/7529 | |||||
| CVE-2020-36077 | 1 Tailor Mangement System Project | 1 Tailor Mangement System | 2023-04-18 | N/A | 8.8 HIGH |
| SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the customer parameter of the orderadd.php file. | |||||
| CVE-2022-2807 | 1 Algan | 1 Prens Student Information System | 2023-04-16 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection. This issue affects Prens Student Information System: before 2.1.11. | |||||
| CVE-2022-4422 | 1 Bulutses | 1 Bulutdesk Callcenter | 2023-04-16 | N/A | 9.8 CRITICAL |
| Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthenticated SQL injection vulnerability. This has been fixed in version 3.0. | |||||
