Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46350 | 1 Innovadeluxe | 1 Manufacturer Or Supplier Alphabetical Search | 2024-02-15 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike. | |||||
| CVE-2023-6677 | 1 Oduyo | 1 Online Collection | 2024-02-15 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection. This issue affects Online Collection: before v.1.0.2. | |||||
| CVE-2024-0594 | 1 Getawesomesupport | 1 Awesome Support | 2024-02-15 | N/A | 8.8 HIGH |
| The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpas_get_users action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-25216 | 1 Sherlock | 1 Employee Management System | 2024-02-15 | N/A | 9.8 CRITICAL |
| Employee Management System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php. | |||||
| CVE-2024-25215 | 1 Sherlock | 1 Employee Management System | 2024-02-15 | N/A | 9.8 CRITICAL |
| Employee Management System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php. | |||||
| CVE-2024-25214 | 1 Sherlock | 1 Employee Management System | 2024-02-15 | N/A | 9.8 CRITICAL |
| An issue in Employee Management System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html. | |||||
| CVE-2024-25213 | 1 Sherlock | 1 Employee Management System | 2024-02-15 | N/A | 7.2 HIGH |
| Employee Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php. | |||||
| CVE-2024-25212 | 1 Sherlock | 1 Employee Management System | 2024-02-15 | N/A | 7.2 HIGH |
| Employee Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php. | |||||
| CVE-2024-1523 | | | 2024-02-15 | N/A | 8.8 HIGH |
| EC-WEB FS-EZViewer(Web)'s query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator. | |||||
| CVE-2024-26262 | | | 2024-02-15 | N/A | 8.8 HIGH |
| EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator. | |||||
| CVE-2024-26264 | | | 2024-02-15 | N/A | 9.8 CRITICAL |
| EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database records. | |||||
| CVE-2023-50061 | 1 Store-opart | 1 Op'art Easy Redirect | 2024-02-15 | N/A | 9.8 CRITICAL |
| PrestaShop Op'art Easy Redirect >= 1.3.8 and <= 1.3.12 is vulnerable to SQL Injection via Oparteasyredirect::hookActionDispatcher(). | |||||
| CVE-2024-23763 | 1 Gambio | 1 Gambio | 2024-02-15 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter. | |||||
| CVE-2024-1207 | 1 Wpbookingcalendar | 1 Booking Calendar | 2024-02-15 | N/A | 9.8 CRITICAL |
| The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-24811 | 1 Zope | 1 Sqlalchemyda | 2024-02-14 | N/A | 9.8 CRITICAL |
| SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version 2.2. There is no workaround for the problem. | |||||
| CVE-2024-24303 | 1 Hipresta | 1 Gift Wrapping Pro | 2024-02-14 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote attackers to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method. | |||||
| CVE-2023-46914 | 1 Bookingcalendar Project | 1 Bookingcalendar | 2024-02-14 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php. | |||||
| CVE-2022-43086 | 1 Codeastro | 1 Restaurant Pos System | 2024-02-14 | N/A | 4.9 MEDIUM |
| Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_customer.php. | |||||
| CVE-2024-23603 | | | 2024-02-14 | N/A | 3.8 LOW |
| An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-51951 | 1 Stock Management System Project | 1 Stock Management System | 2024-02-14 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file. | |||||
