Total
16323 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34168 | 1 Esiteq | 1 Wp Report Post | 2024-11-21 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Raven WP Report Post allows SQL Injection.This issue affects WP Report Post: from n/a through 2.1.2. | |||||
| CVE-2023-33993 | 1 Sap | 1 Business One | 2024-11-21 | N/A | 7.1 HIGH |
| B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. On successful exploitation, the attacker can cause high impact on confidentiality, integrity and availability of the application. | |||||
| CVE-2023-33967 | 1 Megaease | 1 Easeprobe | 2024-11-21 | N/A | 8.2 HIGH |
| EaseProbe is a tool that can do health/status checking. An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0. | |||||
| CVE-2023-33945 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | N/A | 6.4 MEDIUM |
| SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is only exploitable when chained with other attacks. To exploit this vulnerability, the attacker must modify the database and wait for the application to be upgraded. | |||||
| CVE-2023-33927 | 1 Themeisle | 1 Multiple Page Generator | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19. | |||||
| CVE-2023-33924 | 1 Felixwelberg | 1 Sis Handball | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Felix Welberg SIS Handball allows SQL Injection.This issue affects SIS Handball: from n/a through 1.0.45. | |||||
| CVE-2023-33852 | 1 Ibm | 1 Security Guardium | 2024-11-21 | N/A | 7.6 HIGH |
| IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614. | |||||
| CVE-2023-33817 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | N/A | 8.8 HIGH |
| hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2023-33666 | 1 Ai-dev | 1 Aioptimizedcombinations | 2024-11-21 | N/A | 9.8 CRITICAL |
| ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | |||||
| CVE-2023-33665 | 1 Ai-dev | 1 Ai-table | 2024-11-21 | N/A | 9.8 CRITICAL |
| ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | |||||
| CVE-2023-33664 | 1 Ai-dev | 1 Declinaisons A La Volee | 2024-11-21 | N/A | 8.8 HIGH |
| ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | |||||
| CVE-2023-33663 | 1 Ai-dev | 1 Aicustomfee | 2024-11-21 | N/A | 9.8 CRITICAL |
| In the module “Customization fields fee for your store” (aicustomfee) from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Release 0.2.1 fixed this security issue. | |||||
| CVE-2023-33592 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information. | |||||
| CVE-2023-33584 | 1 Enrollment System Project | 1 Enrollment System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code. | |||||
| CVE-2023-33481 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | N/A | 9.8 CRITICAL |
| RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php. | |||||
| CVE-2023-33479 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | N/A | 9.8 CRITICAL |
| RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file. | |||||
| CVE-2023-33478 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | N/A | 9.8 CRITICAL |
| RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php. | |||||
| CVE-2023-33367 | 1 Assaabloy | 1 Control Id Idsecure | 2024-11-21 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution. | |||||
| CVE-2023-33366 | 1 Supremainc | 1 Biostar 2 | 2024-11-21 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands. | |||||
| CVE-2023-33331 | 1 Woo | 1 Product Vendors | 2024-11-21 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.76. | |||||