Total
17537 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-44163 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | 9.8 Critical |
| The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-44044 | 1 Superstorefinder | 1 Super Store Finder | 2024-11-21 | 7.2 High |
| Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at /admin/stores.php. | ||||
| CVE-2023-44025 | 1 Addify | 1 Free Gifts | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the getrulebyid function in the AddifyfreegiftsModel.php component. | ||||
| CVE-2023-44024 | 1 Knowband | 1 One Page Checkout\, Social Login \& Mailchimp | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component. | ||||
| CVE-2023-43986 | 1 Dmconcept | 1 Configurator | 2024-11-21 | 9.8 Critical |
| DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken. | ||||
| CVE-2023-43983 | 1 Presto-changeo | 1 Attribute Grid | 2024-11-21 | 9.8 Critical |
| Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php. | ||||
| CVE-2023-43980 | 1 Presto-changeo | 1 Testsitecreator | 2024-11-21 | 9.8 Critical |
| Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php. | ||||
| CVE-2023-43979 | 1 Prestahero | 1 Ybc Blog | 2024-11-21 | 9.8 Critical |
| ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts(). | ||||
| CVE-2023-43909 | 2 Hospital Management System, Hospital Management System Project | 2 Hospital Management System, Hospital Management System | 2024-11-21 | 9.1 Critical |
| Hospital Management System thru commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php. | ||||
| CVE-2023-43899 | 1 Hansuncms Project | 1 Hansuncms | 2024-11-21 | 9.8 Critical |
| hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx. | ||||
| CVE-2023-43836 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 6.5 Medium |
| There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information | ||||
| CVE-2023-43813 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 6.5 Medium |
| GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue. | ||||
| CVE-2023-43739 | 1 Online Book Store Project Project | 1 Online Book Store Project | 2024-11-21 | 9.8 Critical |
| The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-43640 | 1 Speciesfilegroup | 1 Taxonworks | 2024-11-21 | 6.5 Medium |
| TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table). This issue may lead to information disclosure. Version 0.34.0 contains a fix for the issue. | ||||
| CVE-2023-43507 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 7.2 High |
| A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster. | ||||
| CVE-2023-43470 | 1 Janobe | 1 Online Voting System | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component. | ||||
| CVE-2023-43469 | 1 Online Job Portal Project | 1 Online Job Portal | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the ForPass.php component. | ||||
| CVE-2023-43468 | 1 Online Job Portal Project | 1 Online Job Portal | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the login.php component. | ||||
| CVE-2023-43381 | 1 Tianchoy | 1 Blog | 2024-11-21 | 7.5 High |
| SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in the login.php | ||||
| CVE-2023-43377 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter. | ||||