Total
17521 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39640 | 1 Uplight | 1 Cookie Law | 2024-11-21 | 9.8 Critical |
| UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList(). | ||||
| CVE-2023-39639 | 1 Leotheme | 1 Leoblog | 2024-11-21 | 9.8 Critical |
| LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the component LeoBlogBlog::getListBlogs. | ||||
| CVE-2023-39582 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 4.9 Medium |
| SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions. | ||||
| CVE-2023-39560 | 1 Ectouch | 1 Ectouch | 2024-11-21 | 9.8 Critical |
| ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php. | ||||
| CVE-2023-39551 | 1 Phpgurukul | 1 Online Security Guards Hiring System | 2024-11-21 | 9.8 Critical |
| PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php. | ||||
| CVE-2023-39526 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 9.1 Critical |
| PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds. | ||||
| CVE-2023-39524 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 6.7 Medium |
| PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | ||||
| CVE-2023-39423 | 1 Resortdata | 1 Internet Reservation Module Next Generation | 2024-11-21 | 8.6 High |
| The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs, among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obtain the currently valid sessions and impersonate a currently logged-in user. | ||||
| CVE-2023-39378 | 1 Siberiancms | 1 Siberiancms | 2024-11-21 | 8.8 High |
| SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user | ||||
| CVE-2023-39344 | 1 Fobybus | 1 Social-media-skeleton | 2024-11-21 | 10 Critical |
| social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for this issue. | ||||
| CVE-2023-39292 | 1 Mitel | 3 Mivoice Office 400, Mivoice Office 400 Smb Controller, Mivoice Office 400 Smb Controller Firmware | 2024-11-21 | 9.8 Critical |
| A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations. | ||||
| CVE-2023-39122 | 1 Bmc | 1 Control-m | 2024-11-21 | 9.8 Critical |
| BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200). | ||||
| CVE-2023-39121 | 1 Emlog | 1 Emlog | 2024-11-21 | 7.2 High |
| emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php. | ||||
| CVE-2023-38992 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 9.8 Critical |
| jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData. | ||||
| CVE-2023-38954 | 1 Zkteco | 1 Bioaccess Ivs | 2024-11-21 | 9.8 Critical |
| ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability. | ||||
| CVE-2023-38916 | 1 Mohammad-ajazuddin | 1 Evotingsystem-php | 2024-11-21 | 8.8 High |
| SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields. | ||||
| CVE-2023-38912 | 1 Superstorefinder | 1 Php Script | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter. | ||||
| CVE-2023-38905 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 5.5 Medium |
| SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions. | ||||
| CVE-2023-38899 | 1 Berkaygediz | 1 O Blog | 2024-11-21 | 7.8 High |
| SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component. | ||||
| CVE-2023-38891 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 8.8 High |
| SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php. | ||||