Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2717 | 1 Beardev | 1 Joomsport | 2024-01-11 | N/A | 4.9 MEDIUM |
| The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-events-form page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrative privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2023-41287 | 1 Qnap | 1 Video Station | 2024-01-10 | N/A | 8.8 HIGH |
| A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and later | |||||
| CVE-2023-47219 | 1 Qnap | 1 Qumagie | 2024-01-10 | N/A | 8.8 HIGH |
| A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later | |||||
| CVE-2023-49622 | 1 Kashipara | 1 Billing Software | 2024-01-10 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'itemnameid' parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49624 | 1 Kashipara | 1 Billing Software | 2024-01-10 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49625 | 1 Kashipara | 1 Billing Software | 2024-01-10 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylist_edit_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49633 | 1 Kashipara | 1 Billing Software | 2024-01-10 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49639 | 1 Kashipara | 1 Billing Software | 2024-01-10 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49658 | 1 Kashipara | 1 Billing Software | 2024-01-10 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49665 | 1 Kashipara | 1 Billing Software | 2024-01-10 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49666 | 1 Kashipara | 1 Billing System | 2024-01-10 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50743 | 1 Kashipara | 1 Online Notice Board System | 2024-01-10 | N/A | 9.8 CRITICAL |
| Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50752 | 1 Kashipara | 1 Online Notice Board System | 2024-01-10 | N/A | 9.8 CRITICAL |
| Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50753 | 1 Kashipara | 1 Online Notice Board System | 2024-01-10 | N/A | 9.8 CRITICAL |
| Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50862 | 1 Kashipara | 1 Travel Website | 2024-01-10 | N/A | 9.8 CRITICAL |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50863 | 1 Kashipara | 1 Travel Website | 2024-01-10 | N/A | 9.8 CRITICAL |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50864 | 1 Kashipara | 1 Travel Website | 2024-01-10 | N/A | 9.8 CRITICAL |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50865 | 1 Kashipara | 1 Travel Website | 2024-01-10 | N/A | 9.8 CRITICAL |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50866 | 1 Kashipara | 1 Travel Website | 2024-01-10 | N/A | 9.8 CRITICAL |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50867 | 1 Kashipara | 1 Travel Website | 2024-01-10 | N/A | 9.8 CRITICAL |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||