Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14313 | 1 10web | 1 Photo Gallery | 2023-03-03 | 10.0 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php. | |||||
| CVE-2021-34249 | 1 Online Book Store Project | 1 Online Book Store | 2023-03-03 | N/A | 7.5 HIGH |
| SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id paremeter in application URL. | |||||
| CVE-2023-25813 | 1 Sequelizejs | 1 Sequelize | 2023-03-03 | N/A | 9.8 CRITICAL |
| Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the `replacements` and the `where` option in the same query. | |||||
| CVE-2023-25158 | 1 Geotools | 1 Geotools | 2023-03-02 | N/A | 9.8 CRITICAL |
| GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or to 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation. | |||||
| CVE-2022-45677 | 1 Tuition Management System Project | 1 Tuition Management System | 2023-03-02 | N/A | 9.8 CRITICAL |
| SQL Injection Vulnerability in tanujpatra228 Tution Management System (TMS) via the email parameter to processes/student_login.process.php. | |||||
| CVE-2022-45564 | 1 Znfit | 1 Home Improvement Erp Management System | 2023-03-02 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in znfit Home improvement ERP management system V50_20220207,v42 allows attackers to execute arbitrary sql commands via the userCode parameter to the wechat applet. | |||||
| CVE-2020-5511 | 1 Small Crm Project | 1 Small Crm | 2023-03-01 | 6.5 MEDIUM | 8.8 HIGH |
| PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page. | |||||
| CVE-2019-13573 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2023-03-01 | 10.0 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | |||||
| CVE-2023-24654 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-03-01 | N/A | 8.8 HIGH |
| Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Request a Quote function. | |||||
| CVE-2023-24653 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-03-01 | N/A | 8.8 HIGH |
| Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function. | |||||
| CVE-2023-24652 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-03-01 | N/A | 8.8 HIGH |
| Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Description parameter under the Create ticket function. | |||||
| CVE-2023-24364 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-03-01 | N/A | 8.8 HIGH |
| Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter under the Admin Panel. | |||||
| CVE-2023-24656 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-03-01 | N/A | 8.8 HIGH |
| Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket function. | |||||
| CVE-2021-33948 | 1 Hotels Server Project | 1 Hotels Server | 2023-02-28 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter. | |||||
| CVE-2023-26093 | 1 Puzzle | 1 Liima | 2023-02-28 | N/A | 9.8 CRITICAL |
| Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter. | |||||
| CVE-2023-23279 | 1 Canteen Management System Project | 1 Canteen Management System | 2023-02-28 | N/A | 9.8 CRITICAL |
| Canteen Management System 1.0 is vulnerable to SQL Injection via /php_action/getOrderReport.php. | |||||
| CVE-2021-32441 | 1 Exponentcms | 1 Exponent Cms | 2023-02-28 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class. | |||||
| CVE-2019-9918 | 1 Harmistechnology | 1 Je Messenger | 2023-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database. | |||||
| CVE-2023-23007 | 1 Ecisp | 1 Espcms | 2023-02-28 | N/A | 7.2 HIGH |
| An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added. | |||||
| CVE-2019-18413 | 1 Typestack Class-validator Project | 1 Typestack Class-validator | 2023-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary malicious input. NOTE: a software maintainer agrees with the "is not documented" finding but suggests that much of the responsibility for the risk lies in a different product. | |||||