Total: 14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44693 | 1 Dlink | 2 Dar-7000, Dar-7000 Firmware | 2023-10-20 | N/A | 9.8 CRITICAL |
| D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /importexport.php. | |||||
| CVE-2023-40852 | 1 User Registration & Login And User Management System With Admin Panel Project | 1 User Registration & Login And User Management System With Admin Panel | 2023-10-20 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via crafted string in the admin user name field on the admin log in page. | |||||
| CVE-2023-5591 | 1 Librenms | 1 Librenms | 2023-10-19 | N/A | 6.5 MEDIUM |
| SQL Injection in GitHub repository librenms/librenms prior to 23.10.0. | |||||
| CVE-2023-45674 | 1 Farmbot | 1 Farmbot Web App | 2023-10-18 | N/A | 6.5 MEDIUM |
| Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information Disclosure. This issue has been patched in version 15.8.4. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-34976 | 1 Qnap | 1 Video Station | 2023-10-18 | N/A | 8.8 HIGH |
| A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later | |||||
| CVE-2023-30154 | 1 Shoprunners | 1 Aftermail | 2023-10-18 | N/A | 9.8 CRITICAL |
| Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php` via the 'id_product' parameter in hooks DisplayRightColumnProduct and DisplayProductButtons. | |||||
| CVE-2021-45252 | 1 Oretnom23 | 1 Simple Forum/discussion System | 2023-10-18 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities are found in Simple Forum-Discussion System 1.0, for example in three application files: manage_topic.php, manage_user.php, and ajax.php. An attacker can retrieve all information from the database of this system by using this vulnerability. | |||||
| CVE-2021-44653 | 1 Oretnom23 | 1 Online Magazine Management System | 2023-10-18 | 7.5 HIGH | 9.8 CRITICAL |
| Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to a SQL injection vulnerability in the login form, allowing an attacker to gain access as admin to the application. | |||||
| CVE-2023-23737 | 1 Managewp | 1 Broken Link Checker | 2023-10-17 | N/A | 9.8 CRITICAL |
| Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions. | |||||
| CVE-2023-44961 | 1 Koha-community | 1 Koha Library Software | 2023-10-16 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component. | |||||
| CVE-2023-41262 | 1 Plixer | 1 Scrutinizer | 2023-10-16 | N/A | 9.8 CRITICAL |
| An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application's backend database server. | |||||
| CVE-2023-30058 | 1 Xxyopen | 1 Novel-plus | 2023-10-15 | N/A | 9.8 CRITICAL |
| novel-plus 3.6.2 is vulnerable to SQL Injection. | |||||
| CVE-2023-23651 | 1 Mainwp | 1 Mainwp Google Analytics Extension | 2023-10-14 | N/A | 8.8 HIGH |
| Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Google Analytics Extension plugin <= 4.0.4 versions. | |||||
| CVE-2023-38221 | 1 Adobe | 2 Commerce, Magento | 2023-10-14 | N/A | 6.6 MEDIUM |
| Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. | |||||
| CVE-2023-38250 | 1 Adobe | 2 Commerce, Magento | 2023-10-14 | N/A | 6.6 MEDIUM |
| Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. | |||||
| CVE-2023-38249 | 1 Adobe | 2 Commerce, Magento | 2023-10-14 | N/A | 6.6 MEDIUM |
| Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. | |||||
| CVE-2023-43899 | 1 Hansuncms Project | 1 Hansuncms | 2023-10-11 | N/A | 9.8 CRITICAL |
| hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx. | |||||
| CVE-2023-4530 | 1 Turnatasarim | 1 Advertising Administration Panel | 2023-10-11 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection. This issue affects Advertising Administration Panel: before 1.1. | |||||
| CVE-2023-4103 | 1 Qsige | 1 Qsige | 2023-10-10 | N/A | 8.8 HIGH |
| QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application. | |||||
| CVE-2023-4102 | 1 Qsige | 1 Qsige | 2023-10-10 | N/A | 8.8 HIGH |
| QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application. | |||||
