Total: 14188 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27463 | 1 Siemens | 1 Ruggedcom Crossbow | 2023-03-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database. | |||||
| CVE-2023-1361 | 1 Bumsys Project | 1 Bumsys | 2023-03-15 | N/A | 6.5 MEDIUM |
| SQL Injection in GitHub repository unilogies/bumsys prior to v2.0.2. | |||||
| CVE-2022-24281 | 1 Siemens | 1 Sinec Network Management System | 2023-03-14 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application. | |||||
| CVE-2021-36393 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 9.8 CRITICAL |
| In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. | |||||
| CVE-2021-36392 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 9.8 CRITICAL |
| In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. | |||||
| CVE-2023-27213 | 1 Online Student Management System Project | 1 Online Student Management System | 2023-03-13 | N/A | 9.8 CRITICAL |
| Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php. | |||||
| CVE-2023-27214 | 1 Online Student Management System Project | 1 Online Student Management System | 2023-03-13 | N/A | 9.8 CRITICAL |
| Online Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the fromdate and todate parameters at /eduauth/student/between-date-reprtsdetails.php. | |||||
| CVE-2023-27210 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2023-03-13 | N/A | 9.8 CRITICAL |
| Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php. | |||||
| CVE-2023-27207 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2023-03-13 | N/A | 9.8 CRITICAL |
| Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. | |||||
| CVE-2023-27204 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2023-03-13 | N/A | 9.8 CRITICAL |
| Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php. | |||||
| CVE-2023-27205 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2023-03-13 | N/A | 9.8 CRITICAL |
| Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php. | |||||
| CVE-2023-1211 | 1 Phpipam | 1 Phpipam | 2023-03-11 | N/A | 7.2 HIGH |
| SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2. | |||||
| CVE-2022-46501 | 1 Accruent | 1 Maintenance Connection | 2023-03-10 | N/A | 9.8 CRITICAL |
| Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function. | |||||
| CVE-2023-26780 | 1 Yf-exam Project | 1 Yf-exam | 2023-03-10 | N/A | 9.8 CRITICAL |
| CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection. | |||||
| CVE-2023-23315 | 1 Stripe | 1 Stripe Payment Pro | 2023-03-10 | N/A | 9.8 CRITICAL |
| The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. The method `stripejsValidationModuleFrontController::initContent()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
| CVE-2023-24643 | 1 Judging Management System Project | 1 Judging Management System | 2023-03-09 | N/A | 9.8 CRITICAL |
| Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php. | |||||
| CVE-2022-1531 | 1 Rtx Project | 1 Rtx | 2023-03-07 | 10.0 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20. This vulnerability is critical as it can lead to remote code execution and thus complete server takeover. | |||||
| CVE-2023-24253 | 1 Domoticalabs | 1 Ikon Server | 2023-03-07 | N/A | 9.8 CRITICAL |
| Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2023-24206 | 1 Davinci Project | 1 Davinci | 2023-03-07 | N/A | 9.8 CRITICAL |
| Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function. | |||||
| CVE-2023-26037 | 1 Zoneminder | 1 Zoneminder | 2023-03-07 | N/A | 9.8 CRITICAL |
| ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33. | |||||
