Total: 14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38760 | 1 Churchcrm | 1 Churchcrm | 2023-08-09 | N/A | 7.5 HIGH |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. | |||||
| CVE-2023-38044 | 1 Hikashop | 1 Hikashop | 2023-08-09 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
| CVE-2023-38762 | 1 Churchcrm | 1 Churchcrm | 2023-08-09 | N/A | 7.5 HIGH |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. | |||||
| CVE-2023-33367 | 1 Assaabloy | 1 Control Id Idsecure | 2023-08-09 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution. | |||||
| CVE-2023-4188 | 1 Instantcms | 1 Instantcms | 2023-08-09 | N/A | 9.1 CRITICAL |
| SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | |||||
| CVE-2023-33366 | 1 Supremainc | 1 Biostar 2 | 2023-08-09 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands. | |||||
| CVE-2023-2760 | 1 Taphome | 2 Core, Core Firmware | 2023-08-09 | N/A | 7.6 HIGH |
| An SQL injection vulnerability exists in the TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low-privileged users to inject arbitrary SQL directives into an SQL query, execute arbitrary SQL commands, and gain full read access. This may also lead to limited write access and temporary denial of service. | |||||
| CVE-2023-36213 | 1 Motocms | 1 Motocms | 2023-08-08 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function. | |||||
| CVE-2023-33666 | 1 Ai-dev | 1 Aioptimizedcombinations | 2023-08-08 | N/A | 9.8 CRITICAL |
| ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | |||||
| CVE-2023-33665 | 1 Ai-dev | 1 Ai-table | 2023-08-08 | N/A | 9.8 CRITICAL |
| ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | |||||
| CVE-2023-39121 | 1 Emlog | 1 Emlog | 2023-08-08 | N/A | 7.2 HIGH |
| emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php. | |||||
| CVE-2022-0366 | 1 Capsule8 | 1 Capsule8 | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1. | |||||
| CVE-2022-29652 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2023-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client. | |||||
| CVE-2023-38954 | 1 Zkteco | 1 Bioaccess Ivs | 2023-08-07 | N/A | 9.8 CRITICAL |
| ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2022-4557 | 1 Gruparge | 1 Smartpower | 2023-08-05 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. | |||||
| CVE-2023-34635 | 1 Wifi-soft | 1 Unibox Administration | 2023-08-04 | N/A | 9.8 CRITICAL |
| Wifi Soft Unibox Administration 3.0 and 3.1 are vulnerable to SQL Injection. The vulnerability occurs because user input in the username field of the login page is not validated or sanitized. | |||||
| CVE-2023-37771 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-08-04 | N/A | 9.8 CRITICAL |
| Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php. | |||||
| CVE-2023-3983 | 1 Advantech | 1 Iview | 2023-08-04 | N/A | 8.8 HIGH |
| An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection. | |||||
| CVE-2023-39122 | 1 Bmc | 1 Control-m | 2023-08-04 | N/A | 9.8 CRITICAL |
| BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200). | |||||
| CVE-2023-37647 | 1 Sem-cms | 1 Semcms | 2023-08-04 | N/A | 9.8 CRITICAL |
| SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php. | |||||
