Total: 15391 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-46006 | 1 Mayurik | 1 Best Courier Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php. | |||||
CVE-2023-46005 | 1 Mayurik | 1 Best Courier Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php. | |||||
CVE-2023-45996 | 1 Slims | 2 Senayan Library Management System, Senayan Library Management System Bulian | 2024-11-21 | N/A | 8.8 HIGH |
SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php. | |||||
CVE-2023-45951 | 1 Lylme | 1 Lylme Spage | 2024-11-21 | N/A | 9.8 CRITICAL |
lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php. | |||||
CVE-2023-45830 | 1 Adaplugin | 1 Accessibility Suite By Online Ada | 2024-11-21 | N/A | 8.5 HIGH |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility Suite by Online ADA: from n/a through 4.12. | |||||
CVE-2023-45826 | 1 Leantime | 1 Leantime | 2024-11-21 | N/A | 6.5 MEDIUM |
Leantime is an open source project management system. A 'userId' variable in `app/domain/files/repositories/class.files.php` is not parameterized. An authenticated attacker can send a carefully crafted POST request to `/api/jsonrpc` to exploit an SQL injection vulnerability. Confidentiality is impacted as it allows for dumping information from the database. This issue has been addressed in version 2.4-beta-4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-45684 | 1 Northern.tech | 1 Cfengine | 2024-11-21 | N/A | 7.5 HIGH |
Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub. | |||||
CVE-2023-45674 | 1 Farmbot | 1 Farmbot Web App | 2024-11-21 | N/A | 7.7 HIGH |
Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information Disclosure. This issue has been patched in version 15.8.4. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
CVE-2023-45657 | 1 Posimyth | 1 Nexter | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection. This issue affects Nexter: from n/a through 2.0.3. | |||||
CVE-2023-45387 | 1 Myprestamodules | 1 Exportproducts | 2024-11-21 | N/A | 9.8 CRITICAL |
In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb()`. | |||||
CVE-2023-45386 | 1 Mypresta | 1 Product Extra Tabs Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabspro::searchmanufacturer()`. | |||||
CVE-2023-45381 | 1 Webshopworks | 1 Creativepopup | 2024-11-21 | N/A | 9.8 CRITICAL |
In the module "Creative Popup" (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection via `cp_download_popup()`. | |||||
CVE-2023-45379 | 1 Posthemes | 1 Posrotatorimg | 2024-11-21 | N/A | 9.8 CRITICAL |
In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection. | |||||
CVE-2023-45378 | 1 Hdclic | 1 Prestablog | 2024-11-21 | N/A | 9.8 CRITICAL |
In the module "PrestaBlog" (prestablog) version 4.4.7 and before from HDclic for PrestaShop, a guest can perform SQL injection. The script ajax slider_positions.php has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
CVE-2023-45376 | 1 Hipresta | 1 Carousels Pack | 2024-11-21 | N/A | 9.8 CRITICAL |
In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) for PrestaShop up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via `HiCpProductGetter::getViewedProduct()`. | |||||
CVE-2023-45375 | 1 01generator | 1 Pireospay | 2024-11-21 | N/A | 8.8 HIGH |
In the module "PireosPay" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via `PireosPayValidationModuleFrontController::postProcess()`. | |||||
CVE-2023-45347 | 1 Projectworlds | 1 Online Food Ordering Script | 2024-11-21 | N/A | 9.8 CRITICAL |
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-45346 | 1 Projectworlds | 1 Online Food Ordering Script | 2024-11-21 | N/A | 9.8 CRITICAL |
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-45345 | 1 Projectworlds | 1 Online Food Ordering Script | 2024-11-21 | N/A | 9.8 CRITICAL |
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-45344 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL |
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. |