Total
16884 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49688 | 1 Kashipara | 1 Job Portal | 2024-11-21 | N/A | 9.8 CRITICAL |
| Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtUser' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49681 | 1 Kashipara | 1 Job Portal | 2024-11-21 | N/A | 9.8 CRITICAL |
| Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49677 | 1 Kashipara | 1 Job Portal | 2024-11-21 | N/A | 9.8 CRITICAL |
| Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49666 | 1 Kashipara | 1 Billing System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49665 | 1 Kashipara | 1 Billing Software | 2024-11-21 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49658 | 1 Kashipara | 1 Billing Software | 2024-11-21 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49639 | 1 Kashipara | 1 Billing Software | 2024-11-21 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49633 | 1 Kashipara | 1 Billing Software | 2024-11-21 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49625 | 1 Kashipara | 1 Billing Software | 2024-11-21 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylist_edit_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49624 | 1 Kashipara | 1 Billing Software | 2024-11-21 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49622 | 1 Kashipara | 1 Billing Software | 2024-11-21 | N/A | 9.8 CRITICAL |
| Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'itemnameid' parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49581 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 4.1 MEDIUM |
| SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability. | |||||
| CVE-2023-49429 | 1 Tenda | 2 Ax9, Ax9 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules. | |||||
| CVE-2023-49371 | 1 Ruoyi | 1 Ruoyi | 2024-11-21 | N/A | 9.8 CRITICAL |
| RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. | |||||
| CVE-2023-49363 | 1 Rockoa | 1 Rockoa | 2024-11-21 | N/A | 9.8 CRITICAL |
| Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php. | |||||
| CVE-2023-49166 | 1 Magiclogix | 1 Msync | 2024-11-21 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magic Logix MSync.This issue affects MSync: from n/a through 1.0.0. | |||||
| CVE-2023-49161 | 1 Guelbetech | 1 Bravo Translate | 2024-11-21 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Guelben Bravo Translate.This issue affects Bravo Translate: from n/a through 1.2. | |||||
| CVE-2023-49085 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A | 8.8 HIGH |
| Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist. | |||||
| CVE-2023-49030 | 1 32ns | 1 Klive | 2024-11-21 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component. | |||||
| CVE-2023-48987 | 1 Cusg | 1 Content Management System | 2024-11-21 | N/A | 7.5 HIGH |
| Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component. | |||||