Total
16884 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52096 | 1 Steve-community | 1 Ocpp-jaxb | 2024-11-21 | N/A | 7.5 HIGH |
| SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000). This may lead to a SQL exception in applications, and may undermine the integrity of transaction records. | |||||
| CVE-2023-52082 | 1 Lycheeorg | 1 Lychee | 2024-11-21 | N/A | 8.8 HIGH |
| Lychee is a free photo-management tool. Prior to 5.0.2, Lychee is vulnerable to an SQL injection on any binding when using mysql/mariadb. This injection is only active for users with the `.env` settings set to DB_LOG_SQL=true and DB_LOG_SQL_EXPLAIN=true. The defaults settings of Lychee are safe. The patch is provided on version 5.0.2. To work around this issue, disable SQL EXPLAIN logging. | |||||
| CVE-2023-51547 | 1 Wpmanageninja | 1 Fluent Support | 2024-11-21 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin.This issue affects Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin: from n/a through 1.7.6. | |||||
| CVE-2023-51469 | 1 Mestresdowp | 1 Checkout Mestres Wp | 2024-11-21 | N/A | 9.3 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mestres do WP Checkout Mestres WP.This issue affects Checkout Mestres WP: from n/a through 7.1.9.6. | |||||
| CVE-2023-51448 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A | 8.8 HIGH |
| Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `‘/cacti/managers.php’` with an SQLi payload in the `‘selected_graphs_array’` HTTP GET parameter. As of time of publication, no patched versions exist. | |||||
| CVE-2023-51423 | 1 Saleswonder | 1 Webinarignition | 2024-11-21 | N/A | 9.3 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition.This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition: from n/a through 3.05.0. | |||||
| CVE-2023-51051 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A | 9.8 CRITICAL |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php. | |||||
| CVE-2023-51050 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A | 9.8 CRITICAL |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php. | |||||
| CVE-2023-51049 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A | 9.8 CRITICAL |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php. | |||||
| CVE-2023-51048 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A | 9.8 CRITICAL |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php. | |||||
| CVE-2023-50867 | 1 Kashipara | 1 Travel Website | 2024-11-21 | N/A | 9.8 CRITICAL |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50866 | 1 Kashipara | 1 Travel Website | 2024-11-21 | N/A | 9.8 CRITICAL |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50865 | 1 Kashipara | 1 Travel Website | 2024-11-21 | N/A | 9.8 CRITICAL |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50864 | 1 Kashipara | 1 Travel Website | 2024-11-21 | N/A | 9.8 CRITICAL |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50863 | 1 Kashipara | 1 Travel Website | 2024-11-21 | N/A | 9.8 CRITICAL |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50862 | 1 Kashipara | 1 Travel Website | 2024-11-21 | N/A | 9.8 CRITICAL |
| Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-50857 | 1 Funnelkit | 1 Funnelkit Automations | 2024-11-21 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit.This issue affects Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit: from n/a through 2.6.1. | |||||
| CVE-2023-50856 | 1 Funnelkit | 1 Funnel Builder | 2024-11-21 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits.This issue affects Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits: from n/a through 2.14.3. | |||||
| CVE-2023-50855 | 1 Samperrow | 1 Pre Party Resource Hints | 2024-11-21 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sam Perrow Pre* Party Resource Hints.This issue affects Pre* Party Resource Hints: from n/a through 1.8.18. | |||||
| CVE-2023-50853 | 1 Advancedformintegration | 1 Advanced Form Integration | 2024-11-21 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms.This issue affects Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms: from n/a through 1.75.0. | |||||