Total
15343 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34576 | 1 Opartfaq Project | 1 Opartfaq | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector. | |||||
| CVE-2023-34575 | 1 Op\'art Save Cart Project | 1 Op\'art Save Cart | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods. | |||||
| CVE-2023-34545 | 1 Cskaza | 1 Cszcms | 2024-11-21 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL. | |||||
| CVE-2023-34487 | 1 Online Hotel Management System Project | 1 Online Hotel Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection. | |||||
| CVE-2023-34477 | 1 Braincert | 1 Virtual Classroom | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
| CVE-2023-34476 | 1 Mooj | 1 Proforms | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
| CVE-2023-34418 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | N/A | 8.1 HIGH |
| A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API. | |||||
| CVE-2023-34383 | 1 Wedevs | 1 Wp Project Manager | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0. | |||||
| CVE-2023-34249 | 1 Pybb Project | 1 Pybb | 2024-11-21 | N/A | 9.8 CRITICAL |
| benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, a user may be able to update the software manually to avoid this problem by sanitizing user queries to `BulletinDatabaseModule.py`. | |||||
| CVE-2023-34210 | 1 Easyuse | 1 Mailhunter Ultimate | 2024-11-21 | N/A | 7.7 HIGH |
| SQL Injection in create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter. | |||||
| CVE-2023-34179 | 1 Groundhogg | 1 Groundhogg | 2024-11-21 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2.7.11. | |||||
| CVE-2023-34168 | 1 Esiteq | 1 Wp Report Post | 2024-11-21 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Raven WP Report Post allows SQL Injection.This issue affects WP Report Post: from n/a through 2.1.2. | |||||
| CVE-2023-33993 | 1 Sap | 1 Business One | 2024-11-21 | N/A | 7.1 HIGH |
| B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. On successful exploitation, the attacker can cause high impact on confidentiality, integrity and availability of the application. | |||||
| CVE-2023-33967 | 1 Megaease | 1 Easeprobe | 2024-11-21 | N/A | 8.2 HIGH |
| EaseProbe is a tool that can do health/status checking. An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0. | |||||
| CVE-2023-33945 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | N/A | 6.4 MEDIUM |
| SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is only exploitable when chained with other attacks. To exploit this vulnerability, the attacker must modify the database and wait for the application to be upgraded. | |||||
| CVE-2023-33927 | 1 Themeisle | 1 Multiple Page Generator | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19. | |||||
| CVE-2023-33924 | 1 Felixwelberg | 1 Sis Handball | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Felix Welberg SIS Handball allows SQL Injection.This issue affects SIS Handball: from n/a through 1.0.45. | |||||
| CVE-2023-33852 | 1 Ibm | 1 Security Guardium | 2024-11-21 | N/A | 7.6 HIGH |
| IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614. | |||||
| CVE-2023-33817 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | N/A | 8.8 HIGH |
| hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2023-33666 | 1 Ai-dev | 1 Aioptimizedcombinations | 2024-11-21 | N/A | 9.8 CRITICAL |
| ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | |||||