Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32530 | 1 Trendmicro | 1 Apex Central | 2023-06-30 | N/A | 8.8 HIGH |
| Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32529. | |||||
| CVE-2023-34601 | 1 Jeesite | 1 Jeesite | 2023-06-30 | N/A | 9.8 CRITICAL |
| Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml. | |||||
| CVE-2023-36284 | 1 Webkul | 1 Qloapps | 2023-06-30 | N/A | 7.5 HIGH |
| An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database. | |||||
| CVE-2023-32754 | 1 Thinkingsoftware | 1 Efence | 2023-06-30 | N/A | 9.8 CRITICAL |
| Thinking Software Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete the database. | |||||
| CVE-2023-2907 | 1 Marksoft | 1 Marksoft | 2023-06-29 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605. | |||||
| CVE-2022-47593 | 1 Rapidload | 1 Rapidload Power-up For Autoptimize | 2023-06-28 | N/A | 6.5 MEDIUM |
| Auth. (subscriber+) SQL Injection (SQLi) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize plugin <= 1.6.35 versions. | |||||
| CVE-2022-47586 | 1 Themefic | 1 Ultimate Addons For Contact Form 7 | 2023-06-27 | N/A | 9.8 CRITICAL |
| Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.1.23 versions. | |||||
| CVE-2023-35782 | 1 Ipandlanguageredirect Project | 1 Ipandlanguageredirect | 2023-06-26 | N/A | 9.8 CRITICAL |
| The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection. | |||||
| CVE-2023-32115 | 1 Sap | 1 Master Data Synchronization | 2023-06-26 | N/A | 6.1 MEDIUM |
| An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system. | |||||
| CVE-2023-34659 | 1 Jeecg | 1 Jeecg Boot | 2023-06-23 | N/A | 9.8 CRITICAL |
| jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability via the id parameter of the /jeecg-boot/jmreport/show interface. | |||||
| CVE-2023-35064 | 1 Satos | 1 Satos Mobile | 2023-06-23 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering. This issue affects Satos Mobile: before 20230607. | |||||
| CVE-2023-34249 | 1 Pybb Project | 1 Pybb | 2023-06-23 | N/A | 9.8 CRITICAL |
| benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, a user may be able to update the software manually to avoid this problem by sanitizing user queries to `BulletinDatabaseModule.py`. | |||||
| CVE-2023-34626 | 1 Piwigo | 1 Piwigo | 2023-06-22 | N/A | 4.3 MEDIUM |
| Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function. | |||||
| CVE-2023-3047 | 1 Tmtmakine | 2 Lockcell, Lockcell Firmware | 2023-06-20 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection. This issue affects Lockcell: before 15. | |||||
| CVE-2023-35708 | 1 Progress | 1 Moveit Transfer | 2023-06-20 | N/A | 9.8 CRITICAL |
| In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3). | |||||
| CVE-2023-33817 | 1 Digitaldruid | 1 Hoteldruid | 2023-06-17 | N/A | 8.8 HIGH |
| hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2023-34581 | 1 Service Provider Management System Project | 1 Service Provider Management System | 2023-06-16 | N/A | 9.8 CRITICAL |
| Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2 | |||||
| CVE-2023-28701 | 1 Elite | 1 Webfax | 2023-06-09 | N/A | 9.8 CRITICAL |
| ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service. | |||||
| CVE-2023-3000 | 1 Erikogluteknoloji | 1 Energy Monitoring | 2023-06-09 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass. This issue affects ErMon: before 230602. | |||||
| CVE-2023-33967 | 1 Megaease | 1 Easeprobe | 2023-06-07 | N/A | 9.8 CRITICAL |
| EaseProbe is a tool that can do health/status checking. An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0. | |||||
