Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36433 | 1 Jocms Project | 1 Jocms | 2023-02-10 | N/A | 9.1 CRITICAL |
| SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_delete_mask function in jocms/apps/mask/mask.php. | |||||
| CVE-2021-36432 | 1 Jocms Project | 1 Jocms | 2023-02-10 | N/A | 7.5 HIGH |
| SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_set_mask() function in jocms/apps/mask/mask.php. | |||||
| CVE-2021-36484 | 1 Jizhicms | 1 Jizhicms | 2023-02-10 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page. | |||||
| CVE-2021-36503 | 1 Native-php-cms Project | 1 Native-php-cms | 2023-02-10 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file. | |||||
| CVE-2021-37316 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2023-02-10 | N/A | 7.5 HIGH |
| SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. | |||||
| CVE-2021-37497 | 1 Pbootcms | 1 Pbootcms | 2023-02-10 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request. | |||||
| CVE-2022-46965 | 1 202-ecommerce | 1 Administrative Mandate | 2023-02-09 | N/A | 8.8 HIGH |
| PrestaShop module, totadministrativemandate before v1.7.1 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2022-48114 | 1 Ruoyi | 1 Ruoyi | 2023-02-09 | N/A | 9.8 CRITICAL |
| RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable. | |||||
| CVE-2022-48082 | 1 Easyone | 1 Easyone Crm | 2023-02-09 | N/A | 9.8 CRITICAL |
| Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnerability via the text parameter at /Services/Misc.asmx/SearchTag. | |||||
| CVE-2023-24241 | 1 Forget Heart Message Box Project | 1 Forget Heart Message Box | 2023-02-07 | N/A | 9.8 CRITICAL |
| Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php. | |||||
| CVE-2023-24956 | 1 Forget Heart Message Box Project | 1 Forget Heart Message Box | 2023-02-07 | N/A | 8.8 HIGH |
| Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php. | |||||
| CVE-2022-47780 | 1 Bangresto Project | 1 Bangresto | 2023-02-07 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Bangresto 1.0 via the itemID parameter. | |||||
| CVE-2023-22900 | 1 Thinkingsoftware | 1 Efence | 2023-02-07 | N/A | 9.8 CRITICAL |
| Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database. | |||||
| CVE-2019-13578 | 1 Givewp | 1 Givewp | 2023-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php. | |||||
| CVE-2021-40961 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-02-06 | 6.5 MEDIUM | 8.8 HIGH |
| CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '. | |||||
| CVE-2023-22324 | 1 Contec | 1 Conprosys Hmi System | 2023-02-06 | N/A | 6.5 MEDIUM |
| SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained. | |||||
| CVE-2019-13571 | 1 Vsourz | 1 Advanced Cf7 Db | 2023-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | |||||
| CVE-2022-44298 | 1 Sscms | 1 Siteserver Cms | 2023-02-04 | N/A | 9.8 CRITICAL |
| SiteServer CMS 7.1.3 is vulnerable to SQL Injection. | |||||
| CVE-2022-48011 | 1 Opencats | 1 Opencats | 2023-02-04 | N/A | 9.8 CRITICAL |
| Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. | |||||
| CVE-2019-15016 | 1 Zingbox | 1 Inspector | 2023-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. | |||||