Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38916 | 1 Mohammad-ajazuddin | 1 Evotingsystem-php | 2023-08-22 | N/A | 8.8 HIGH |
| SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields. | |||||
| CVE-2023-38838 | 1 Kiduswb | 1 Minimati | 2023-08-22 | N/A | 7.5 HIGH |
| SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via the edit.php component. | |||||
| CVE-2023-31944 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2023-08-18 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_edit.php. | |||||
| CVE-2023-31945 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2023-08-18 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the id parameter at daily_expenditure_edit.php. | |||||
| CVE-2023-31943 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2023-08-18 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticket_id parameter at ticket_detail.php. | |||||
| CVE-2023-39850 | 1 Schoolmate Project | 1 Schoolmate | 2023-08-18 | N/A | 9.8 CRITICAL |
| Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php. | |||||
| CVE-2021-29378 | 1 Pearadmin | 1 Pear Admin Think | 2023-08-18 | N/A | 8.8 HIGH |
| SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php. | |||||
| CVE-2023-3864 | 2 Microsoft, Snowsoftware | 2 Windows, Snow License Manager | 2023-08-18 | N/A | 7.2 HIGH |
| Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal. | |||||
| CVE-2020-36034 | 1 School Faculty Scheduling System Project | 1 School Faculty Scheduling System | 2023-08-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via crafted payload to id parameter in manage_user.php. | |||||
| CVE-2020-24950 | 1 Thedaylightstudio | 1 Fuel Cms | 2023-08-16 | N/A | 8.8 HIGH |
| SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items. | |||||
| CVE-2020-36136 | 1 Cskaza | 1 Cszcms | 2023-08-15 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php. | |||||
| CVE-2023-39806 | 1 Idreamsoft | 1 Icms | 2023-08-15 | N/A | 9.8 CRITICAL |
| iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function. | |||||
| CVE-2023-39805 | 1 Idreamsoft | 1 Icms | 2023-08-15 | N/A | 9.8 CRITICAL |
| iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php. | |||||
| CVE-2023-33993 | 1 Sap | 1 Business One | 2023-08-15 | N/A | 7.5 HIGH |
| B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. On successful exploitation, the attacker can cause high impact on confidentiality, integrity and availability of the application. | |||||
| CVE-2023-3651 | 1 Digital-ant | 1 Digital Ant | 2023-08-15 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 11. | |||||
| CVE-2023-34545 | 1 Cskaza | 1 Cszcms | 2023-08-11 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL. | |||||
| CVE-2023-3522 | 1 A2technology | 1 License Portal System | 2023-08-11 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection.This issue affects License Portal System: before 1.48. | |||||
| CVE-2023-3386 | 1 A2technology | 1 Camera Trap Tracking System | 2023-08-11 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 Camera Trap Tracking System allows SQL Injection.This issue affects Camera Trap Tracking System: before 3.1905. | |||||
| CVE-2023-3717 | 1 Farmakom | 1 Remote Administration Console | 2023-08-10 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection.This issue affects Remote Administration Console: before 1.02. | |||||
| CVE-2023-37372 | 1 Siemens | 1 Ruggedcom Crossbow | 2023-08-10 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications is vulnerable to SQL injection. This could allow an unauthenticated remote attackers to execute arbitrary SQL queries on the server database. | |||||