Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50846 | 1 Metagauss | 1 Registrationmagic | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.5. | |||||
| CVE-2023-50847 | 1 Collne | 1 Welcart E-commerce | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.3. | |||||
| CVE-2023-50838 | 1 Basixonline | 1 Nex-forms | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.5. | |||||
| CVE-2023-50839 | 1 Wiselyhub | 1 Js Help Desk | 2024-01-04 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.1. | |||||
| CVE-2023-4671 | 1 Talentyazilim | 1 Ecop | 2024-01-04 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software ECOP allows Command Line Execution through SQL Injection.This issue affects ECOP: before 32255. | |||||
| CVE-2023-52082 | 1 Lycheeorg | 1 Lychee | 2024-01-04 | N/A | 9.8 CRITICAL |
| Lychee is a free photo-management tool. Prior to 5.0.2, Lychee is vulnerable to an SQL injection on any binding when using mysql/mariadb. This injection is only active for users with the `.env` settings set to DB_LOG_SQL=true and DB_LOG_SQL_EXPLAIN=true. The defaults settings of Lychee are safe. The patch is provided on version 5.0.2. To work around this issue, disable SQL EXPLAIN logging. | |||||
| CVE-2023-50856 | 1 Funnelkit | 1 Funnel Builder | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits.This issue affects Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits: from n/a through 2.14.3. | |||||
| CVE-2023-50857 | 1 Funnelkit | 1 Funnelkit Automations | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit.This issue affects Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit: from n/a through 2.6.1. | |||||
| CVE-2023-50848 | 1 Ajexperience | 1 404 Solution | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.34.0. | |||||
| CVE-2023-50851 | 1 Nsqua | 1 Simply Schedule Appointments | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N Squared Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin.This issue affects Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin: from n/a before 1.6.6.1. | |||||
| CVE-2023-5674 | 1 Wpvibes | 1 Wp Mail Log | 2024-01-04 | N/A | 8.8 HIGH |
| The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. | |||||
| CVE-2023-46989 | 1 Innovadeluxe | 1 Quick Order | 2024-01-04 | N/A | 7.8 HIGH |
| SQL Injection vulnerability in the Innovadeluxe Quick Order module for PrestaShop before v.1.4.0, allows local attackers to execute arbitrary code via the getProducts() function in the productlist.php file. | |||||
| CVE-2023-5645 | 1 Wpvibes | 1 Wp Mail Log | 2024-01-04 | N/A | 8.8 HIGH |
| The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. | |||||
| CVE-2023-52096 | 1 Steve-community | 1 Ocpp-jaxb | 2024-01-04 | N/A | 7.5 HIGH |
| SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000). This may lead to a SQL exception in applications, and may undermine the integrity of transaction records. | |||||
| CVE-2023-49954 | 1 3cx | 1 3cx | 2024-01-03 | N/A | 9.8 CRITICAL |
| The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address. | |||||
| CVE-2022-39822 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-01-03 | N/A | 8.8 HIGH |
| In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation. | |||||
| CVE-2023-49934 | 1 Schedmd | 1 Slurm | 2024-01-03 | N/A | 9.8 CRITICAL |
| An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1. | |||||
| CVE-2023-5203 | 1 Swit | 1 Wp Sessions Time Monitoring Full Automatic | 2024-01-02 | N/A | 7.5 HIGH |
| The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique. | |||||
| CVE-2022-47532 | 1 Filerun | 1 Filerun | 2024-01-02 | N/A | 9.8 CRITICAL |
| FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users§ion=cpanel&page=list request. | |||||
| CVE-2022-2422 | 1 Feathersjs | 1 Feathers-sequelize | 2024-01-02 | N/A | 9.8 CRITICAL |
| Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used. | |||||