Total: 14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46353 | 1 Mypresta | 1 Product Tag Icons Pro | 2023-12-09 | N/A | 9.8 CRITICAL |
| In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
| CVE-2023-48823 | 1 Mayurik | 1 Courier Management System | 2023-12-09 | N/A | 9.8 CRITICAL |
| A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login. | |||||
| CVE-2023-49429 | 1 Tenda | 2 Ax9, Ax9 Firmware | 2023-12-09 | N/A | 9.8 CRITICAL |
| Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules. | |||||
| CVE-2023-6063 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2023-12-08 | N/A | 7.5 HIGH |
| The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. | |||||
| CVE-2023-46575 | 1 Layer5 | 1 Meshery | 2023-12-08 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter | |||||
| CVE-2011-0448 | 1 Rubyonrails | 1 Rails | 2023-12-07 | 7.5 HIGH | N/A |
| Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument. | |||||
| CVE-2023-5108 | 1 Alphabpo | 1 Easy Newsletter Signups | 2023-12-07 | N/A | 7.2 HIGH |
| The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | |||||
| CVE-2023-5634 | 1 Arslansoft Education Portal Project | 1 Arslansoft Education Portal | 2023-12-06 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ArslanSoft Education Portal allows SQL Injection. This issue affects Education Portal: before v1.1. | |||||
| CVE-2023-49371 | 1 Ruoyi | 1 Ruoyi | 2023-12-06 | N/A | 9.8 CRITICAL |
| RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. | |||||
| CVE-2023-48813 | 1 Slims | 1 Senayan Library Management System Bulian | 2023-12-06 | N/A | 8.8 HIGH |
| Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. | |||||
| CVE-2023-48016 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2023-12-06 | N/A | 7.5 HIGH |
| Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter. | |||||
| CVE-2023-6360 | 1 Joedolson | 1 My Calendar | 2023-12-06 | N/A | 9.8 CRITICAL |
| The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route. | |||||
| CVE-2023-48742 | 1 Wpexperts | 1 License Manager For Woocommerce | 2023-12-05 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LicenseManager License Manager for WooCommerce license-manager-for-woocommerce allows SQL Injection. This issue affects License Manager for WooCommerce: from n/a through 2.2.10. | |||||
| CVE-2023-40056 | 1 Solarwinds | 1 Solarwinds Platform | 2023-12-04 | N/A | 8.8 HIGH |
| SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account. | |||||
| CVE-2023-6412 | 1 Aatifaneeq | 1 Voovi | 2023-12-02 | N/A | 7.5 HIGH |
| A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photo.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | |||||
| CVE-2023-6414 | 1 Aatifaneeq | 1 Voovi | 2023-12-02 | N/A | 7.5 HIGH |
| A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via perfil.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | |||||
| CVE-2023-6411 | 1 Aatifaneeq | 1 Voovi | 2023-12-02 | N/A | 7.5 HIGH |
| A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | |||||
| CVE-2023-6417 | 1 Aatifaneeq | 1 Voovi | 2023-12-02 | N/A | 7.5 HIGH |
| A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via update.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | |||||
| CVE-2023-6415 | 1 Aatifaneeq | 1 Voovi | 2023-12-02 | N/A | 7.5 HIGH |
| A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signin.php in the user parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | |||||
| CVE-2023-6413 | 1 Aatifaneeq | 1 Voovi | 2023-12-02 | N/A | 7.5 HIGH |
| A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photos.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | |||||
