Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-20915 | 1 Publiccms | 1 Publiccms | 2023-04-07 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the SysSiteAdminControl. | |||||
| CVE-2020-20914 | 1 Publiccms | 1 Publiccms | 2023-04-07 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter. | |||||
| CVE-2020-20913 | 1 Mingsoft | 1 Mcms | 2023-04-07 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter. | |||||
| CVE-2023-26858 | 1 Myprestamodules | 1 Frequently Asked Questions Page | 2023-04-07 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability found in PrestaShop faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component. | |||||
| CVE-2022-46021 | 1 X-man Project | 1 X-man | 2023-04-07 | N/A | 7.5 HIGH |
| X-Man 1.0 has a SQL injection vulnerability, which can cause data leakage. | |||||
| CVE-2022-40347 | 1 Intern Record System Project | 1 Intern Record System | 2023-04-06 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information. | |||||
| CVE-2022-40032 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2023-04-06 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information. | |||||
| CVE-2022-42427 | 1 Centreon | 1 Centreon | 2023-04-06 | N/A | 8.8 HIGH |
| This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the contact groups configuration page. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18541. | |||||
| CVE-2022-42426 | 1 Centreon | 1 Centreon | 2023-04-06 | N/A | 8.8 HIGH |
| This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18554. | |||||
| CVE-2022-42425 | 1 Centreon | 1 Centreon | 2023-04-06 | N/A | 8.8 HIGH |
| This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18555. | |||||
| CVE-2022-42424 | 1 Centreon | 1 Centreon | 2023-04-06 | N/A | 8.8 HIGH |
| This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18556. | |||||
| CVE-2022-36979 | 1 Ivanti | 1 Avalanche | 2023-04-06 | N/A | 9.8 CRITICAL |
| This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AvalancheDaoSupport class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15493. | |||||
| CVE-2022-36976 | 1 Ivanti | 1 Avalanche | 2023-04-05 | N/A | 9.8 CRITICAL |
| This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15333. | |||||
| CVE-2022-36975 | 1 Ivanti | 1 Avalanche | 2023-04-05 | N/A | 9.8 CRITICAL |
| This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15332. | |||||
| CVE-2022-36973 | 1 Ivanti | 1 Avalanche | 2023-04-05 | N/A | 8.8 HIGH |
| This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15329. | |||||
| CVE-2022-36972 | 1 Ivanti | 1 Avalanche | 2023-04-05 | N/A | 9.8 CRITICAL |
| This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15328. | |||||
| CVE-2022-42429 | 1 Centreon | 1 Centreon | 2023-04-05 | N/A | 8.8 HIGH |
| This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18557. | |||||
| CVE-2023-27167 | 1 Supremainc | 1 Biostar 2 | 2023-04-05 | N/A | 6.5 MEDIUM |
| Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1. | |||||
| CVE-2023-23488 | 1 Strangerstudios | 1 Paid Memberships Pro | 2023-04-03 | N/A | 9.8 CRITICAL |
| The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route. | |||||
| CVE-2022-31056 | 1 Glpi-project | 1 Glpi | 2023-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit SQL injection on the actor fields. This issue has been resolved in version 10.0.2 and all affected users are advised to upgrade. | |||||
