Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13575 | 1 Wpeverest | 1 Everest Forms | 2023-02-27 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php | |||||
| CVE-2020-25905 | 1 Mobile Shop System Project | 1 Mobile Shop System | 2023-02-27 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php. | |||||
| CVE-2023-24219 | 1 Luckyframe | 1 Luckyframeweb | 2023-02-25 | N/A | 9.8 CRITICAL |
| LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml. | |||||
| CVE-2023-24220 | 1 Luckyframe | 1 Luckyframeweb | 2023-02-25 | N/A | 9.8 CRITICAL |
| LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml. | |||||
| CVE-2023-24221 | 1 Luckyframe | 1 Luckyframeweb | 2023-02-25 | N/A | 9.8 CRITICAL |
| LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml. | |||||
| CVE-2019-13572 | 1 Adenion | 1 Blog2social | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. | |||||
| CVE-2019-14695 | 1 Sygnoos | 1 Popup Builder | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscribers Table ordering is mishandled. | |||||
| CVE-2015-9333 | 1 Cformsii Project | 1 Cformsii | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| The cforms2 plugin before 14.6.10 for WordPress has SQL injection. | |||||
| CVE-2019-12239 | 1 Wpbookingsystem | 1 Wp Booking System | 2023-02-24 | 6.5 MEDIUM | 7.2 HIGH |
| The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access. | |||||
| CVE-2023-23459 | 2 Microsoft, Priority-software | 2 Windows, Priority | 2023-02-24 | N/A | 9.8 CRITICAL |
| Priority Windows may allow Command Execution via SQL Injection using an unspecified method. | |||||
| CVE-2020-23685 | 1 Vtimecn | 1 188jianzhan | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php. | |||||
| CVE-2022-23305 | 5 Apache, Broadcom, Netapp and 2 more | 28 Log4j, Brocade Sannav, Snapmanager and 25 more | 2023-02-24 | 6.8 MEDIUM | 9.8 CRITICAL |
| By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | |||||
| CVE-2022-47770 | 1 Serinf | 1 Fast Checkin | 2023-02-23 | N/A | 9.8 CRITICAL |
| Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection. | |||||
| CVE-2022-38868 | 1 Ehoney Project | 1 Ehoney | 2023-02-23 | N/A | 7.2 HIGH |
| SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol.go and models/images.go, allows attackers to execute arbitrary code. | |||||
| CVE-2021-38239 | 1 Dataease | 1 Dataease | 2023-02-23 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10. | |||||
| CVE-2022-38867 | 1 Rttys Project | 1 Rttys | 2023-02-23 | N/A | 8.8 HIGH |
| SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go, allows attackers to execute arbitrary code. | |||||
| CVE-2020-21120 | 1 Uqcms | 1 Uqcms | 2023-02-23 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in file home\controls\cart.class.php in UQCMS 2.1.3, allows attackers to execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num. | |||||
| CVE-2021-33925 | 1 Cms-corephp Project | 1 Cms-corephp | 2023-02-23 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escalated privileges via a crafted login. | |||||
| CVE-2021-34117 | 1 Seopanel | 1 Seo Panel | 2023-02-23 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information. | |||||
| CVE-2020-21119 | 1 Kliqqi | 1 Kliqqi Cms | 2023-02-23 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_module_widgets.php in recordIDValue parameter, allows attackers to gain escalated privileges and execute arbitrary code. | |||||
