Total
15348 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-35879 | 1 Woo | 1 Product Vendors | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection. This issue affects Product Vendors: from n/a through 2.1.78. | |||||
CVE-2023-35851 | 1 Sun.net | 1 Wmpro | 2024-11-21 | N/A | 7.5 HIGH |
SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database. | |||||
CVE-2023-35811 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | N/A | 8.8 HIGH |
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can be used for exploitation. Editions other than Enterprise are also affected. | |||||
CVE-2023-35782 | 1 Ipandlanguageredirect Project | 1 Ipandlanguageredirect | 2024-11-21 | N/A | 8.2 HIGH |
The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection. | |||||
CVE-2023-35720 | | | 2024-11-21 | N/A | 6.5 MEDIUM |
ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected ASUS RT-AX92U routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mod_webdav.so module. When parsing a request, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-16078. | |||||
CVE-2023-35708 | 1 Progress | 1 Moveit Transfer | 2024-11-21 | N/A | 9.8 CRITICAL |
In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3). | |||||
CVE-2023-35683 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-35188 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | N/A | 8.0 HIGH |
SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. | |||||
CVE-2023-35132 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 6.3 MEDIUM |
A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions. | |||||
CVE-2023-35072 | 1 Coyavtravel | 1 Proagent | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Coyav Travel Proagent allows SQL Injection. This issue affects Proagent: before 20230904. | |||||
CVE-2023-35071 | 1 Mrv | 1 Logging Administration Panel | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection. This issue affects Logging Administration Panel: before 20230915. | |||||
CVE-2023-35070 | 1 Vegagroup | 1 Web Collection | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection. This issue affects Web Collection: before 31197. | |||||
CVE-2023-35068 | 1 Bma | 1 Personnel Tracking System | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BMA Personnel Tracking System allows SQL Injection. This issue affects Personnel Tracking System: before 20230904. | |||||
CVE-2023-35066 | 1 Infodrom | 1 E-invoice Approval System | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection. This issue affects E-Invoice Approval System: before v.20230701. | |||||
CVE-2023-35065 | 1 Osoft | 1 Dyeing - Printing - Finishing Production Management | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Osoft Paint Production Management allows SQL Injection. This issue affects Paint Production Management: before 2.1. | |||||
CVE-2023-35064 | 1 Satos | 1 Satos Mobile | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering. This issue affects Satos Mobile: before 20230607. | |||||
CVE-2023-34976 | 1 Qnap | 1 Video Station | 2024-11-21 | N/A | 4.3 MEDIUM |
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 (2023/07/27) and later. | |||||
CVE-2023-34975 | 1 Qnap | 1 Video Station | 2024-11-21 | N/A | 6.6 MEDIUM |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. QuTScloud c5.1.x is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h4.5.4.2626 build 20231225 and later; QTS 4.5.4.2627 build 20231225 and later. | |||||
CVE-2023-34735 | 1 Property Cloud Platform Management Center Project | 1 Property Cloud Platform Management Center | 2024-11-21 | N/A | 9.8 CRITICAL |
Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection. | |||||
CVE-2023-34659 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | N/A | 9.8 CRITICAL |
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability in the id parameter of the /jeecg-boot/jmreport/show interface. |