Total
15327 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24206 | 1 Davinci Project | 1 Davinci | 2024-11-21 | N/A | 9.8 CRITICAL |
| Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function. | |||||
| CVE-2023-24000 | 1 Gamipress | 1 Gamipress | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7. | |||||
| CVE-2023-23991 | 2024-11-21 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection.This issue affects Booking Calendar: from n/a through 9.4.3. | |||||
| CVE-2023-23824 | 1 Wp Topbar Project | 1 Wp Topbar | 2024-11-21 | N/A | 6.7 MEDIUM |
| Auth. SQL Injection (SQLi) vulnerability in WP-TopBar <= 5.36 versions. | |||||
| CVE-2023-23758 | 1 Creative-solutions | 1 Creative Gallery | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
| CVE-2023-23757 | 1 Bestaddon | 1 Bestaddon Gallery | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
| CVE-2023-23737 | 1 Managewp | 1 Broken Link Checker | 2024-11-21 | N/A | 9.3 CRITICAL |
| Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions. | |||||
| CVE-2023-23660 | 1 Mainwp | 1 Mainwp Maintenance Extension | 2024-11-21 | N/A | 8.5 HIGH |
| Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP MainWP Maintenance Extension plugin <= 4.1.1 versions. | |||||
| CVE-2023-23651 | 1 Mainwp | 1 Mainwp Google Analytics Extension | 2024-11-21 | N/A | 8.5 HIGH |
| Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Google Analytics Extension plugin <= 4.0.4 versions. | |||||
| CVE-2023-23634 | 1 Documize | 1 Documize | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint. | |||||
| CVE-2023-23563 | 1 Geomatika | 1 Isigeo Web | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain sensitive database content via SQL Injection. | |||||
| CVE-2023-23315 | 1 Stripe | 1 Stripe Payment Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
| The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. The method `stripejsValidationModuleFrontController::initContent()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
| CVE-2023-23163 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter. | |||||
| CVE-2023-23162 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php. | |||||
| CVE-2023-23156 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page. | |||||
| CVE-2023-23155 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the username parameter in the Admin Login. | |||||
| CVE-2023-22900 | 1 Thinkingsoftware | 1 Efence | 2024-11-21 | N/A | 9.8 CRITICAL |
| Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database. | |||||
| CVE-2023-22794 | 1 Activerecord Project | 1 Activerecord | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment. | |||||
| CVE-2023-22727 | 1 Cakephp | 1 Cakephp | 2024-11-21 | N/A | 9.8 CRITICAL |
| CakePHP is a development framework for PHP web apps. In affected versions the `Cake\Database\Query::limit()` and `Cake\Database\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP's Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue. | |||||
| CVE-2023-22583 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2024-11-21 | N/A | 10.0 CRITICAL |
| The Danfoss AK-EM100 web forms allow for SQL injection in the login forms. | |||||