Total: 14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37472 | 1 Eng | 1 Knowage | 2023-07-27 | N/A | 6.5 MEDIUM |
| Knowage is an open source suite for business analytics. The application often uses user supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries that will break subsequent SQL queries generated by the Hibernate engine. The endpoint `_/knowage/restful-services/2.0/documents/listDocument_` calls the `_countBIObjects_` method of the `_BIObjectDAOHibImpl_` object with the user supplied `_label_` parameter without prior sanitization. This can lead to SQL injection in the backing database. Other injections have been identified in the application as well. An authenticated attacker with low privileges could leverage this vulnerability in order to retrieve sensitive information from the database, such as account credentials or business information. This issue has been addressed in version 8.1.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-3743 | 1 Leothemes | 1 Ap Page Builder | 2023-07-27 | N/A | 7.5 HIGH |
| Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the product_one_img parameter to retrieve the information stored in the database. | |||||
| CVE-2023-3820 | 1 Pimcore | 1 Pimcore | 2023-07-26 | N/A | 7.2 HIGH |
| SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4. | |||||
| CVE-2023-2963 | 1 Olivaekspertiz | 1 Oliva Ekspertiz | 2023-07-26 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection. This issue affects Oliva Expertise EKS: before 1.2. | |||||
| CVE-2023-3673 | 1 Pimcore | 1 Pimcore | 2023-07-26 | N/A | 7.2 HIGH |
| SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24. | |||||
| CVE-2023-3376 | 1 Dijital | 1 Zekiweb | 2023-07-26 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection. This issue affects Zekiweb: before 2. | |||||
| CVE-2023-23660 | 1 Mainwp | 1 Mainwp Maintenance Extension | 2023-07-26 | N/A | 8.8 HIGH |
| Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP MainWP Maintenance Extension plugin <= 4.1.1 versions. | |||||
| CVE-2023-35070 | 1 Vegagroup | 1 Web Collection | 2023-07-25 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection. This issue affects Web Collection: before 31197. | |||||
| CVE-2023-2957 | 1 Lisayazilim | 1 Florist Site | 2023-07-20 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection. This issue affects Florist Site: before 3.0. | |||||
| CVE-2023-37627 | 1 Code-projects | 1 Online Restaurant Management System | 2023-07-20 | N/A | 9.8 CRITICAL |
| Code-projects Online Restaurant Management System 1.0 is vulnerable to SQL Injection. Through SQL injection, an attacker can bypass the admin panel and view order records, add items, delete items etc. | |||||
| CVE-2023-37628 | 1 Simple Online Piggery Management System Project | 1 Simple Online Piggery Management System | 2023-07-20 | N/A | 9.8 CRITICAL |
| Online Piggery Management System 1.0 is vulnerable to SQL Injection. | |||||
| CVE-2023-37196 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2023-07-19 | N/A | 8.8 HIGH |
| A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change or delete content, or perform unauthorized actions when tampering with the alert settings of endpoints on DCE. | |||||
| CVE-2023-37197 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2023-07-19 | N/A | 8.8 HIGH |
| A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change or delete content, or perform unauthorized actions when tampering with the mass configuration settings of endpoints on DCE. | |||||
| CVE-2023-26861 | 1 Vivawallet | 1 Viva Wallet | 2023-07-18 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attacker to gain privileges via the vivawallet() module. | |||||
| CVE-2023-36293 | 1 Wmanager | 1 Wmanager | 2023-07-18 | N/A | 7.5 HIGH |
| SQL injection vulnerability in wmanager v.1.0.7 and before allows a remote attacker to obtain sensitive information via a crafted script to the company.php component. | |||||
| CVE-2023-3045 | 1 Tise | 1 Parking Web Report | 2023-07-17 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection. This issue affects Parking Web Report: before 2.1. | |||||
| CVE-2023-33664 | 1 Ai-dev | 1 Declinaisons A La Volee | 2023-07-17 | N/A | 8.8 HIGH |
| ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | |||||
| CVE-2023-2046 | 1 Yontemizleme | 1 Vehicle Tracking System | 2023-07-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yontem Informatics Vehicle Tracking System allows SQL Injection. This issue affects Vehicle Tracking System: before 8. | |||||
| CVE-2023-2852 | 1 Softmedyazilim | 1 Selfpatron | 2023-07-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Softmed SelfPatron allows SQL Injection. This issue affects SelfPatron: before 2.0. | |||||
| CVE-2023-37270 | 1 Piwigo | 1 Piwigo | 2023-07-14 | N/A | 8.8 HIGH |
| Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be logged in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately. | |||||
