Total: 14188 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-5645 | 1 Wpvibes | 1 Wp Mail Log | 2024-01-04 | N/A | 8.8 HIGH |
The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. | |||||
CVE-2023-52096 | 1 Steve-community | 1 Ocpp-jaxb | 2024-01-04 | N/A | 7.5 HIGH |
SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000). This may lead to a SQL exception in applications, and may undermine the integrity of transaction records. | |||||
CVE-2023-49934 | 1 Schedmd | 1 Slurm | 2024-01-03 | N/A | 9.8 CRITICAL |
An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1. | |||||
CVE-2022-47532 | 1 Filerun | 1 Filerun | 2024-01-02 | N/A | 9.8 CRITICAL |
FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users&section=cpanel&page=list request. | |||||
CVE-2022-29822 | 1 Feathersjs | 1 Feathers-sequelize | 2024-01-02 | N/A | 9.8 CRITICAL |
Improper parameter filtering in the Feathers js library may ultimately lead to SQL injection. | |||||
CVE-2022-2422 | 1 Feathersjs | 1 Feathers-sequelize | 2024-01-02 | N/A | 9.8 CRITICAL |
Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used. | |||||
CVE-2023-48893 | 1 Slims | 1 Senayan Library Management System Bulian | 2023-12-31 | N/A | 8.8 HIGH |
SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate. | |||||
CVE-2023-49752 | 1 Spoonthemes | 1 Adifier | 2023-12-30 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme. This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4. | |||||
CVE-2023-49677 | 1 Kashipara | 1 Job Portal | 2023-12-29 | N/A | 9.8 CRITICAL |
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-44481 | 1 Projectworlds | 1 Leave Management System | 2023-12-29 | N/A | 8.8 HIGH |
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-48327 | 1 Wcvendors | 1 Woocommerce Multi-vendor, Woocommerce Marketplace, Product Vendors | 2023-12-29 | N/A | 7.2 HIGH |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors. This issue affects WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n/a through 2.4.7. | |||||
CVE-2023-44482 | 1 Projectworlds | 1 Leave Management System | 2023-12-29 | N/A | 8.8 HIGH |
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-49776 | 1 Dmry | 1 Sayfa Sayac | 2023-12-29 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hakan Demiray Sayfa Sayac. This issue affects Sayfa Sayac: from n/a through 2.6. | |||||
CVE-2023-48718 | 1 Phpgurukul | 1 Student Result Management System | 2023-12-29 | N/A | 9.8 CRITICAL |
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-48722 | 1 Phpgurukul | 1 Student Result Management System | 2023-12-29 | N/A | 9.8 CRITICAL |
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-48720 | 1 Phpgurukul | 1 Student Result Management System | 2023-12-29 | N/A | 9.8 CRITICAL |
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-48687 | 1 Projectworlds | 1 Railway Reservation System | 2023-12-29 | N/A | 9.8 CRITICAL |
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-48685 | 1 Projectworlds | 1 Railway Reservation System | 2023-12-29 | N/A | 9.8 CRITICAL |
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-48689 | 1 Projectworlds | 1 Railway Reservation System | 2023-12-29 | N/A | 9.8 CRITICAL |
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-48716 | 1 Projectworlds | 1 Student Result Management System | 2023-12-29 | N/A | 9.8 CRITICAL |
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database. |