Total
15349 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38768 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | N/A | 7.5 HIGH |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php. | |||||
| CVE-2023-38767 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | N/A | 7.5 HIGH |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php. | |||||
| CVE-2023-38765 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | N/A | 7.5 HIGH |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php. | |||||
| CVE-2023-38764 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | N/A | 7.5 HIGH |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. | |||||
| CVE-2023-38763 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | N/A | 6.5 MEDIUM |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. | |||||
| CVE-2023-38762 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | N/A | 7.5 HIGH |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. | |||||
| CVE-2023-38760 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | N/A | 7.5 HIGH |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. | |||||
| CVE-2023-38519 | 1 Mainwp | 1 Mainwp Dashboard | 2024-11-21 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance.This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3. | |||||
| CVE-2023-38391 | 1 Themesgrove | 1 Onepage Builder | 2024-11-21 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1. | |||||
| CVE-2023-38382 | 1 Subscribe To Category Project | 1 Subscribe To Category | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection.This issue affects Subscribe to Category: from n/a through 2.7.4. | |||||
| CVE-2023-38250 | 1 Adobe | 2 Commerce, Magento | 2024-11-21 | N/A | 8.0 HIGH |
| Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. | |||||
| CVE-2023-38249 | 1 Adobe | 2 Commerce, Magento | 2024-11-21 | N/A | 8.0 HIGH |
| Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. | |||||
| CVE-2023-38221 | 1 Adobe | 2 Commerce, Magento | 2024-11-21 | N/A | 8.0 HIGH |
| Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. | |||||
| CVE-2023-38190 | 1 Superwebmailer | 1 Superwebmailer | 2024-11-21 | N/A | 8.8 HIGH |
| An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter. | |||||
| CVE-2023-38044 | 1 Hikashop | 1 Hikashop | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
| CVE-2023-37966 | 1 Solwininfotech | 1 User Activity Log | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a through 1.6.2. | |||||
| CVE-2023-37847 | 1 Novel-plus | 1 Novel-plus | 2024-11-21 | N/A | 9.8 CRITICAL |
| novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2023-37824 | 1 Sitolog | 1 Sitolog Application Connect | 2024-11-21 | N/A | 9.8 CRITICAL |
| Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php. | |||||
| CVE-2023-37772 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-21 | N/A | 8.8 HIGH |
| Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php. | |||||
| CVE-2023-37771 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php. | |||||