Total: 14524 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27605 | 1 Wp Reroute Email Project | 1 Wp Reroute Email | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection. This issue affects WP Reroute Email: from n/a through 1.4.6. | |||||
CVE-2023-27463 | 1 Siemens | 1 Ruggedcom Crossbow | 2024-11-21 | N/A | 8.8 HIGH |
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database. | |||||
CVE-2023-27411 | 1 Siemens | 1 Ruggedcom Crossbow | 2024-11-21 | N/A | 8.8 HIGH |
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected application is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database and escalate privileges. | |||||
CVE-2023-27262 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL |
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
CVE-2023-27260 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL |
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
CVE-2023-27255 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL |
Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
CVE-2023-27254 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL |
Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
CVE-2023-27214 | 1 Online Student Management System Project | 1 Online Student Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Online Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the fromdate and todate parameters at /eduauth/student/between-date-reprtsdetails.php. | |||||
CVE-2023-27213 | 1 Online Student Management System Project | 1 Online Student Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php. | |||||
CVE-2023-27210 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL |
Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php. | |||||
CVE-2023-27207 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL |
Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. | |||||
CVE-2023-27205 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php. | |||||
CVE-2023-27204 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php. | |||||
CVE-2023-27167 | 1 Supremainc | 1 Biostar 2 | 2024-11-21 | N/A | 6.5 MEDIUM |
Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1. | |||||
CVE-2023-27074 | 1 Phpgurukul | 1 Bp Monitoring Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page. | |||||
CVE-2023-27037 | 1 Qibosoft | 1 Qibocms | 2024-11-21 | N/A | 8.8 HIGH |
Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php. | |||||
CVE-2023-27034 | 1 Joommasters | 1 Jms Blog | 2024-11-21 | N/A | 9.8 CRITICAL |
PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability. | |||||
CVE-2023-26959 | 1 Phpgurukul | 1 Park Ticketing Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter. | |||||
CVE-2023-26861 | 1 Vivawallet | 1 Viva Wallet | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attacker to gain privileges via the vivawallet() module. | |||||
CVE-2023-26859 | 1 Brevo | 1 Brevo | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allows a remote attacker to gain privileges via the ajaxOrderTracking.php component. |