Total
15388 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44294 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | N/A | 5.4 MEDIUM |
| In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database. | |||||
| CVE-2023-44293 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | N/A | 5.4 MEDIUM |
| In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database. | |||||
| CVE-2023-44284 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized read access to application data. | |||||
| CVE-2023-44267 | 1 Projectworlds | 1 Online Art Gallery | 2024-11-21 | N/A | 9.8 CRITICAL |
| Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-44166 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | N/A | 9.8 CRITICAL |
| The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-44164 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | N/A | 9.8 CRITICAL |
| The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-44163 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | N/A | 9.8 CRITICAL |
| The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-44091 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. This ulnerability allowed SQL injections to be made even if authentication failed.This issue affects Pandora FMS: from 700 through <776. | |||||
| CVE-2023-44090 | 2024-11-21 | N/A | 6.8 MEDIUM | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows CVE-2008-5817. This vulnerability allowed SQL changes to be made to several files in the Grafana module. This issue affects Pandora FMS: from 700 through <776. | |||||
| CVE-2023-44088 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 5.9 MEDIUM |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774. | |||||
| CVE-2023-44044 | 1 Superstorefinder | 1 Super Store Finder | 2024-11-21 | N/A | 7.2 HIGH |
| Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at /admin/stores.php. | |||||
| CVE-2023-44025 | 1 Addify | 1 Free Gifts | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the getrulebyid function in the AddifyfreegiftsModel.php component. | |||||
| CVE-2023-44024 | 1 Knowband | 1 One Page Checkout\, Social Login \& Mailchimp | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component. | |||||
| CVE-2023-43986 | 1 Dmconcept | 1 Configurator | 2024-11-21 | N/A | 9.8 CRITICAL |
| DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken. | |||||
| CVE-2023-43983 | 1 Presto-changeo | 1 Attribute Grid | 2024-11-21 | N/A | 9.8 CRITICAL |
| Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php. | |||||
| CVE-2023-43980 | 1 Presto-changeo | 1 Testsitecreator | 2024-11-21 | N/A | 9.8 CRITICAL |
| Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php. | |||||
| CVE-2023-43979 | 1 Prestahero | 1 Ybc Blog | 2024-11-21 | N/A | 9.8 CRITICAL |
| ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts(). | |||||
| CVE-2023-43909 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | N/A | 9.1 CRITICAL |
| Hospital Management System thru commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php. | |||||
| CVE-2023-43899 | 1 Hansuncms Project | 1 Hansuncms | 2024-11-21 | N/A | 9.8 CRITICAL |
| hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx. | |||||
| CVE-2023-43836 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | N/A | 6.5 MEDIUM |
| There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information | |||||