Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27570 | 1 Prestashop | 1 Eo Tags | 2023-03-24 | N/A | 9.8 CRITICAL |
| The eo_tags package before 1.4.19 for PrestaShop allows SQL injection via a crafted _ga cookie. | |||||
| CVE-2023-28424 | 1 Gentoo | 1 Soko | 2023-03-24 | N/A | 9.8 CRITICAL |
| Soko is the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Search` and `SearchFeed`, implemented in `pkg/app/handler/packages/search.go`, are affected by a SQL injection via the `q` parameter. As a result, unauthenticated attackers can execute arbitrary SQL queries on `https://packages.gentoo.org/`. It was also demonstrated that this primitive was enough to gain code execution in the context of the PostgreSQL container. The issue was addressed in commit `4fa6e4b619c0362728955b6ec56eab0e0cbf1e23y` of version 1.0.2 using prepared statements to interpolate user-controlled data in SQL queries. | |||||
| CVE-2023-1545 | 1 Teampass | 1 Teampass | 2023-03-24 | N/A | 7.5 HIGH |
| SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. | |||||
| CVE-2023-26905 | 1 Alphaware - Simple E-commerce System Project | 1 Alphaware - Simple E-commerce System | 2023-03-23 | N/A | 9.8 CRITICAL |
| An issue was discovered in Alphaware - Simple E-Commerce System v1.0. There is a SQL injection that can directly issue instructions to the background database system via /alphaware/details.php?id. | |||||
| CVE-2023-27041 | 1 School Registration And Fee System Project | 1 School Registration And Fee System | 2023-03-22 | N/A | 9.8 CRITICAL |
| School Registration and Fee System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bilal final/edit_user.php. | |||||
| CVE-2023-28108 | 1 Pimcore | 1 Pimcore | 2023-03-22 | N/A | 7.8 HIGH |
| Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in the UUID DAO model. There is a theoretical possibility of injecting custom SQL if the developer uses these methods with input data without doing proper input validation in advance, and so relies on the auto-quoting done by the DAO class. Users should update to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually. | |||||
| CVE-2023-26784 | 1 Tosec | 1 Kirin Fortress Machine | 2023-03-22 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020-0610 allows attackers to execute arbitrary code via the /admin.php?controller=admin_commonuser parameter. | |||||
| CVE-2023-27709 | 1 Dedecms | 1 Dedecms | 2023-03-22 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint. | |||||
| CVE-2023-27707 | 1 Dedecms | 1 Dedecms | 2023-03-22 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint. | |||||
| CVE-2023-27037 | 1 Qibosoft | 1 Qibocms | 2023-03-22 | N/A | 8.8 HIGH |
| Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php. | |||||
| CVE-2023-27250 | 1 Online Book Store Project Project | 1 Online Book Store Project | 2023-03-21 | N/A | 9.8 CRITICAL |
| Online Book Store Project v1.0 is vulnerable to SQL Injection via /bookstore/bookPerPub.php. | |||||
| CVE-2023-24732 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-03-17 | N/A | 8.8 HIGH |
| Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the gender parameter in the user profile update function. | |||||
| CVE-2023-24731 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-03-17 | N/A | 8.8 HIGH |
| Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the query parameter in the user profile update function. | |||||
| CVE-2023-24730 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-03-17 | N/A | 8.8 HIGH |
| Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the company parameter in the user profile update function. | |||||
| CVE-2023-24729 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-03-17 | N/A | 8.8 HIGH |
| Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the address parameter in the user profile update function. | |||||
| CVE-2023-24728 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-03-17 | N/A | 8.8 HIGH |
| Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the contact parameter in the user profile update function. | |||||
| CVE-2023-25206 | 1 Prestashop | 1 Advanced Reviews | 2023-03-17 | N/A | 8.8 HIGH |
| PrestaShop ws_productreviews < 3.6.2 is vulnerable to SQL Injection. | |||||
| CVE-2023-27463 | 1 Siemens | 1 Ruggedcom Crossbow | 2023-03-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database. | |||||
| CVE-2023-27052 | 1 Moosikay Project | 1 Moosikay | 2023-03-16 | N/A | 9.8 CRITICAL |
| E-Commerce System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/delete_user.php. | |||||
| CVE-2023-1361 | 1 Bumsys Project | 1 Bumsys | 2023-03-15 | N/A | 6.5 MEDIUM |
| SQL Injection in GitHub repository unilogies/bumsys prior to v2.0.2. | |||||
