Total: 14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45996 | 1 Slims | 2 Senayan Library Management System, Senayan Library Management System Bulian | 2023-11-08 | N/A | 8.8 HIGH |
| SQL injection vulnerability in Senayan Library Management System (SLiMS) v9 and Bulian v9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in member_type.php. | |||||
| CVE-2023-45378 | 1 Hdclic | 1 Prestablog | 2023-11-08 | N/A | 9.8 CRITICAL |
| In the module "PrestaBlog" (prestablog) version 4.4.7 and before from HDclic for PrestaShop, a guest can perform SQL injection. The ajax script slider_positions.php contains a sensitive SQL call that can be reached with a trivial HTTP call and exploited to forge a SQL injection. | |||||
| CVE-2023-27846 | 1 Themevolty | 1 Theme Volty Cms Blog | 2023-11-08 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in the PrestaShop Theme Volty module (themevolty) v4.0.8 and before allows a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon and tvcmstestimonial components. | |||||
| CVE-2023-25045 | 1 Carrcommunications | 1 Rsvpmaker | 2023-11-08 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection. This issue affects RSVPMaker: from n/a through 9.9.3. | |||||
| CVE-2023-5252 | 1 Fareharbor | 1 Fareharbor | 2023-11-08 | N/A | 5.4 MEDIUM |
| The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-5315 | 1 Matthewschwartz | 1 Google Maps Made Simple | 2023-11-08 | N/A | 8.8 HIGH |
| The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2023-41891 | 1 Flyte | 1 Flyteadmin | 2023-11-07 | N/A | 8.8 HIGH |
| FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue. | |||||
| CVE-2023-4608 | 1 Lenovo | 104 Thinkagile Hx1331, Thinkagile Hx1331 Firmware, Thinkagile Hx2330 and 101 more | 2023-11-07 | N/A | 7.2 HIGH |
| An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. | |||||
| CVE-2023-5336 | 1 Ipanorama 360 Wordpress Virtual Tour Builder Project | 1 Ipanorama 360 Wordpress Virtual Tour Builder | 2023-11-07 | N/A | 6.5 MEDIUM |
| The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2023-4999 | 1 Gopiplus | 1 Horizontal Scrolling Announcement | 2023-11-07 | N/A | 8.8 HIGH |
| The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2023-5429 | 1 Gopiplus | 1 Information Reel | 2023-11-07 | N/A | 6.5 MEDIUM |
| The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2023-4598 | 1 Wp-slimstat | 1 Slimstat Analytics | 2023-11-07 | N/A | 6.5 MEDIUM |
| The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2023-4485 | 1 Ardereg | 1 Sistemas Scada | 2023-11-07 | N/A | 9.8 CRITICAL |
| The login page of ARDEREG Sistema SCADA Central versions 2.203 and prior is vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to extract sensitive information or perform unauthorized actions within the database. In this case, the vulnerability could allow an attacker to execute arbitrary SQL queries through the login page, potentially leading to unauthorized access, data leakage, or even disruption of critical industrial processes. | |||||
| CVE-2023-41636 | 1 Grupposcai | 1 Realgimm | 2023-11-07 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query. | |||||
| CVE-2023-40748 | 1 Phpjabbers | 1 Food Delivery Script | 2023-11-07 | N/A | 9.8 CRITICAL |
| PHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) vulnerability in the "q" parameter of index.php. | |||||
| CVE-2023-40749 | 1 Phpjabbers | 1 Food Delivery Script | 2023-11-07 | N/A | 9.8 CRITICAL |
| PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the "column" parameter of index.php. | |||||
| CVE-2023-36311 | 1 Phpjabbers | 1 Document Creator | 2023-11-07 | N/A | 9.8 CRITICAL |
| There is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. | |||||
| CVE-2023-2482 | 1 Wpwox | 1 Responsive Css Editor | 2023-11-07 | N/A | 7.2 HIGH |
| The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin. | |||||
| CVE-2023-2592 | 1 Ncrafts | 1 Formcraft | 2023-11-07 | N/A | 7.2 HIGH |
| The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
| CVE-2023-2201 | 1 Salephpscripts | 1 Web Directory Free | 2023-11-07 | N/A | 8.8 HIGH |
| The Web Directory Free plugin for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
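Several of the WordPress entries above (CVE-2023-5315, CVE-2023-5336, CVE-2023-4999, CVE-2023-5429, CVE-2023-4598, CVE-2023-2201) describe the same defect: a shortcode attribute that a contributor or subscriber controls is interpolated into a SQL string with neither escaping nor `$wpdb->prepare()`. The following is an added illustration of that pattern and its fix, not code from any of the listed plugins. It is written in Python against an in-memory SQLite database as a stand-in for `$wpdb`; the `tours` table, the `[tour]` shortcode, the shortcode parser and the payload are all constructed for the example, and `absint()` here mimics the WordPress helper of the same name rather than calling it.

```python
import re
import sqlite3

# Constructed stand-in schema (assumption: not any real plugin's tables). The shortcode
# is meant to read "tours"; wp_users stands for the table it must never expose.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE tours (id INTEGER PRIMARY KEY, title TEXT, published INTEGER);
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
        INSERT INTO tours VALUES (1, 'Lobby', 1), (2, 'Unpublished draft', 0);
        INSERT INTO wp_users VALUES (1, 'admin', '$P$B.constructed.hash');
    """)
    return conn


def parse_shortcode(text):
    """Minimal stand-in for WordPress shortcode attribute parsing: [tag key="value" ...]."""
    m = re.fullmatch(r'\[(\w+)((?:\s+\w+="[^"]*")*)\s*\]', text.strip())
    if not m:
        raise ValueError("not a shortcode")
    attrs = dict(re.findall(r'(\w+)="([^"]*)"', m.group(2)))
    return m.group(1), attrs


def render_vulnerable(conn, shortcode):
    """The defect the advisories describe: attribute text becomes SQL text."""
    _, attrs = parse_shortcode(shortcode)
    tour_id = attrs.get("id", "0")
    # No escaping, no prepare(): whatever the post author wrote is executed as SQL.
    sql = f"SELECT title FROM tours WHERE id = {tour_id} AND published = 1"
    return [row[0] for row in conn.execute(sql)]


def absint(value):
    """Stand-in for WordPress absint(): anything non-numeric collapses to 0."""
    return int(value) if str(value).isdigit() else 0


def render_hardened(conn, shortcode):
    """Coerce the attribute to the type the query expects, then bind it as a value."""
    _, attrs = parse_shortcode(shortcode)
    tour_id = absint(attrs.get("id", 0))
    # Bound parameter: the sqlite3 equivalent of $wpdb->prepare("... WHERE id = %d", $id).
    rows = conn.execute(
        "SELECT title FROM tours WHERE id = ? AND published = 1", (tour_id,)
    )
    return [row[0] for row in rows]


# Constructed payload a contributor-level user could place in a post. The leading 0
# empties the intended result set so only the UNION'd rows come back.
PAYLOAD = "[tour id=\"0 UNION SELECT user_login || ':' || user_pass FROM wp_users--\"]"

if __name__ == "__main__":
    db = make_db()
    print(render_vulnerable(db, '[tour id="1"]'))   # the intended lookup
    print(render_vulnerable(db, PAYLOAD))            # leaks the wp_users row
    print(render_hardened(db, PAYLOAD))              # empty: payload became id 0
```

The hardened version applies two layers that the advisories say were missing: a type coercion (`absint`, or `%d` in `$wpdb->prepare`, which casts to int) so the attribute can only ever be a number, and a bound parameter so that even a string attribute would be compared as a value rather than parsed as SQL. Either layer alone defeats this payload; production code should keep both, and note that the shortcode is rendered with the database privileges of the site, not of the contributor who wrote the post.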
