Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43507 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-11-01 | N/A | 8.8 HIGH |
| A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster. | |||||
| CVE-2023-45376 | 1 Hipresta | 1 Carousels Pack | 2023-10-31 | N/A | 9.8 CRITICAL |
| In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) for PrestaShop up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via HiCpProductGetter::getViewedProduct().` | |||||
| CVE-2022-41775 | 1 Deltaww | 1 Diaenergie | 2023-10-30 | N/A | 8.8 HIGH |
| SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
| CVE-2022-43506 | 1 Deltaww | 1 Diaenergie | 2023-10-30 | N/A | 8.8 HIGH |
| SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
| CVE-2022-43447 | 1 Deltaww | 1 Diaenergie | 2023-10-30 | N/A | 8.8 HIGH |
| SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
| CVE-2023-46435 | 1 Oretnom23 | 1 Packers And Movers Management System | 2023-10-30 | N/A | 9.8 CRITICAL |
| Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id. | |||||
| CVE-2023-37824 | 1 Sitolog | 1 Sitolog Application Connect | 2023-10-28 | N/A | 9.8 CRITICAL |
| Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php. | |||||
| CVE-2023-38190 | 1 Superwebmailer | 1 Superwebmailer | 2023-10-28 | N/A | 8.8 HIGH |
| An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter. | |||||
| CVE-2023-27262 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26572 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-27255 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26584 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26583 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26581 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-27260 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-27254 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26568 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26582 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26569 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2022-43452 | 1 Deltaww | 1 Diaenergie | 2023-10-27 | N/A | 8.8 HIGH |
| SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||