Total
17511 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36311 | 1 Phpjabbers | 1 Document Creator | 2024-11-21 | 9.8 Critical |
| There is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. | ||||
| CVE-2023-36293 | 1 Wmanager | 1 Wmanager | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in wmanager v.1.0.7 and before allows a remote attacker to obtain sensitive information via a crafted script to the company.php component. | ||||
| CVE-2023-36263 | 1 Prestashop | 1 Opartlimitquantity | 2024-11-21 | 9.8 Critical |
| Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | ||||
| CVE-2023-36213 | 1 Motocms | 1 Motocms | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function. | ||||
| CVE-2023-36189 | 1 Langchain | 1 Langchain | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component. | ||||
| CVE-2023-36076 | 1 Pocketmanga | 1 Smanga | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote attackers to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in php/history/add.php. | ||||
| CVE-2023-35924 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 8.6 High |
| GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory. | ||||
| CVE-2023-35915 | 1 Automattic | 1 Woopayments | 2024-11-21 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | ||||
| CVE-2023-35879 | 1 Woo | 1 Product Vendors | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.78. | ||||
| CVE-2023-35851 | 1 Sun.net | 1 Wmpro | 2024-11-21 | 7.5 High |
| SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database. | ||||
| CVE-2023-35683 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-35132 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.3 Medium |
| A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions. | ||||
| CVE-2023-35072 | 1 Coyavtravel | 1 Proagent | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Coyav Travel Proagent allows SQL Injection.This issue affects Proagent: before 20230904 . | ||||
| CVE-2023-35071 | 1 Mrv | 1 Logging Administration Panel | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection.This issue affects Logging Administration Panel: before 20230915 . | ||||
| CVE-2023-35070 | 1 Vegagroup | 1 Web Collection | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection.This issue affects Web Collection: before 31197. | ||||
| CVE-2023-35068 | 1 Bma | 1 Personnel Tracking System | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BMA Personnel Tracking System allows SQL Injection.This issue affects Personnel Tracking System: before 20230904. | ||||
| CVE-2023-35066 | 1 Infodrom | 1 E-invoice Approval System | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection.This issue affects E-Invoice Approval System: before v.20230701. | ||||
| CVE-2023-35065 | 1 Osoft | 1 Dyeing - Printing - Finishing Production Management | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Osoft Paint Production Management allows SQL Injection.This issue affects Paint Production Management: before 2.1. | ||||
| CVE-2023-34976 | 1 Qnap | 1 Video Station | 2024-11-21 | 4.3 Medium |
| A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later | ||||
| CVE-2023-34975 | 1 Qnap | 1 Video Station | 2024-11-21 | 6.6 Medium |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. QuTScloud c5.1.x is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h4.5.4.2626 build 20231225 and later QTS 4.5.4.2627 build 20231225 and later | ||||