Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32128 | 1 Adastracrypto | 1 Cryptocurrency Payment \& Donation Box | 2023-12-22 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free.This issue affects Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free: from n/a through 2.2.7. | |||||
| CVE-2023-34168 | 1 Esiteq | 1 Wp Report Post | 2023-12-22 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Raven WP Report Post allows SQL Injection.This issue affects WP Report Post: from n/a through 2.1.2. | |||||
| CVE-2023-33331 | 1 Woo | 1 Product Vendors | 2023-12-22 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.76. | |||||
| CVE-2023-47506 | 1 Masterslider | 1 Master Slider | 2023-12-22 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Master slider Master Slider Pro allows SQL Injection.This issue affects Master Slider Pro: from n/a through 3.6.5. | |||||
| CVE-2023-47530 | 1 Wpvibes | 1 Redirect 404 Error Page To Homepage Or Custom Page With Logs | 2023-12-22 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection.This issue affects Redirect 404 Error Page to Homepage or Custom Page with Logs: from n/a through 1.8.7. | |||||
| CVE-2023-30867 | 1 Apache | 1 Streampark | 2023-12-21 | N/A | 4.9 MEDIUM |
| In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. The sql syntax :select * from table where jobName like '%jobName%'. However, the jobName field may receive illegal parameters, leading to SQL injection. This could potentially result in information leakage. Mitigation: Users are recommended to upgrade to version 2.1.2, which fixes the issue. | |||||
| CVE-2023-26959 | 1 Phpgurukul | 1 Park Ticketing Management System | 2023-12-21 | N/A | 9.8 CRITICAL |
| Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter. | |||||
| CVE-2023-47558 | 1 Lindeni | 1 Who Hit The Page - Hit Counter | 2023-12-20 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mahlamusa Who Hit The Page – Hit Counter allows SQL Injection.This issue affects Who Hit The Page – Hit Counter: from n/a through 1.4.14.3. | |||||
| CVE-2023-31936 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-pass-detail.php file. | |||||
| CVE-2023-31932 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file. | |||||
| CVE-2023-31933 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file. | |||||
| CVE-2023-31937 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file. | |||||
| CVE-2023-23156 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 9.8 CRITICAL |
| Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page. | |||||
| CVE-2023-23155 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 9.8 CRITICAL |
| Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the username parameter in the Admin Login. | |||||
| CVE-2023-23162 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 9.8 CRITICAL |
| Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php. | |||||
| CVE-2023-24726 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 9.8 CRITICAL |
| Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page. | |||||
| CVE-2023-23163 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 9.8 CRITICAL |
| Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter. | |||||
| CVE-2022-1800 | 1 Soflyy | 1 Export Any Wordpress Data To Xml\/csv | 2023-12-20 | 6.5 MEDIUM | 7.2 HIGH |
| The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability. | |||||
| CVE-2023-40954 | 1 Gmarczynski | 1 Dynamic Progress Bar | 2023-12-20 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component. | |||||
| CVE-2023-48049 | 1 Cybrosys | 1 Website Blog Search | 2023-12-20 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component. | |||||