Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45589 | 1 Talend | 1 Esb Runtime | 2023-04-03 | N/A | 7.2 HIGH |
| All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use it in place of the previous version. | |||||
| CVE-2023-27847 | 1 Xipblog Project | 1 Xipblog | 2023-04-01 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and before allows a remote attacker to gain privileges via the xipcategoryclass and xippostsclass components. | |||||
| CVE-2022-45297 | 1 Eq Project | 1 Eq | 2023-03-31 | N/A | 9.8 CRITICAL |
| EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter. | |||||
| CVE-2023-28437 | 1 Dataease | 1 Dataease | 2023-03-30 | N/A | 9.8 CRITICAL |
| Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds. | |||||
| CVE-2023-24840 | 1 Hgiga | 1 Oaklouds Mailsherlock | 2023-03-30 | N/A | 7.2 HIGH |
| The HGiga MailSherlock mail query function has a vulnerability of insufficient validation of user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database. | |||||
| CVE-2023-26864 | 1 Smplredirectionsmanager Project | 1 Smplredirectionsmanager | 2023-03-30 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allows a remote attacker to gain privileges via the SmplTools::getMatchingRedirectionsFromParts component. | |||||
| CVE-2023-25350 | 1 Ladybirdweb | 1 Faveo Helpdesk | 2023-03-29 | N/A | 8.8 HIGH |
| Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When a user logs in through the login box, the application does not check the validity of the user's input data. The parameters passed from the front end to the back end are controllable, which leads to SQL injection. | |||||
| CVE-2023-28660 | 1 E-dynamics | 1 Events Made Easy | 2023-03-28 | N/A | 8.8 HIGH |
| The Events Made Easy WordPress Plugin, version <= 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'search_name' parameter in the eme_recurrences_list action. | |||||
| CVE-2023-27034 | 1 Joommasters | 1 Jms Blog | 2023-03-28 | N/A | 9.8 CRITICAL |
| PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2023-24655 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-03-28 | N/A | 9.8 CRITICAL |
| Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Profile Update function. | |||||
| CVE-2023-28663 | 1 Formidablepro2pdf | 1 Formidable Pro2pdf | 2023-03-28 | N/A | 8.8 HIGH |
| The Formidable PRO2PDF WordPress Plugin, version < 3.11, is affected by an authenticated SQL injection vulnerability in the ‘fieldmap’ parameter in the fpropdf_export_file action. | |||||
| CVE-2023-28662 | 1 Codemenschen | 1 Gift Vouchers | 2023-03-28 | N/A | 9.8 CRITICAL |
| The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action. | |||||
| CVE-2023-28659 | 1 Plugin | 1 Waiting | 2023-03-28 | N/A | 8.8 HIGH |
| The Waiting: One-click Countdowns WordPress Plugin, version <= 0.6.2, is affected by an authenticated SQL injection vulnerability in the pbc_down[meta][id] parameter of the pbc_save_downs action. | |||||
| CVE-2023-25223 | 1 Crmeb | 1 Crmeb Java | 2023-03-28 | N/A | 7.2 HIGH |
| CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list. | |||||
| CVE-2023-28661 | 1 Accesspressthemes | 1 Wp Popup Banners | 2023-03-28 | N/A | 8.8 HIGH |
| The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action. | |||||
| CVE-2023-28438 | 1 Pimcore | 1 Pimcore | 2023-03-27 | N/A | 8.0 HIGH |
| Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually. | |||||
| CVE-2022-26986 | 1 Impresscms | 1 Impresscms | 2023-03-27 | 8.5 HIGH | 7.2 HIGH |
| SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in an unintended way; this allows an attacker to read and modify sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to compromise the entire system. | |||||
| CVE-2023-24258 | 1 Spip | 1 Spip | 2023-03-24 | N/A | 9.8 CRITICAL |
| SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request. | |||||
| CVE-2023-1578 | 1 Pimcore | 1 Pimcore | 2023-03-24 | N/A | 8.8 HIGH |
| SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19. | |||||
| CVE-2023-27569 | 1 Prestashop | 1 Eo Tags | 2023-03-24 | N/A | 9.8 CRITICAL |
| The eo_tags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header. | |||||
