Total
16884 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48925 | 1 Buy-addons | 1 Bavideotab | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run(). | |||||
| CVE-2023-48893 | 1 Slims | 1 Senayan Library Management System Bulian | 2024-11-21 | N/A | 8.8 HIGH |
| SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate. | |||||
| CVE-2023-48823 | 1 Mayurik | 1 Courier Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login. | |||||
| CVE-2023-48813 | 1 Slims | 1 Senayan Library Management System Bulian | 2024-11-21 | N/A | 8.8 HIGH |
| Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. | |||||
| CVE-2023-48764 | 1 Guardgiant | 1 Guardgiant | 2024-11-21 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection – Stop Brute Force Attacks.This issue affects WordPress Brute Force Protection – Stop Brute Force Attacks: from n/a through 2.2.5. | |||||
| CVE-2023-48742 | 1 Wpexperts | 1 License Manager For Woocommerce | 2024-11-21 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LicenseManager License Manager for WooCommerce license-manager-for-woocommerce allows SQL Injection.This issue affects License Manager for WooCommerce: from n/a through 2.2.10. | |||||
| CVE-2023-48738 | 1 Portotheme | 1 Functionality | 2024-11-21 | N/A | 9.3 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Porto Theme Porto Theme - Functionality.This issue affects Porto Theme - Functionality: from n/a before 2.12.1. | |||||
| CVE-2023-48722 | 1 Phpgurukul | 1 Student Result Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48720 | 1 Phpgurukul | 1 Student Result Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48718 | 1 Phpgurukul | 1 Student Result Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48716 | 1 Projectworlds | 1 Student Result Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48689 | 1 Projectworlds | 1 Railway Reservation System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48687 | 1 Projectworlds | 1 Railway Reservation System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48685 | 1 Projectworlds | 1 Railway Reservation System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48434 | 1 Projectworlds | 1 Online Voting System Project | 2024-11-21 | N/A | 9.8 CRITICAL |
| Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the reg_action.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48433 | 1 Projectworlds | 1 Online Voting System Project | 2024-11-21 | N/A | 9.8 CRITICAL |
| Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the login_action.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48395 | 1 Kaifa | 1 Webitr Attendance System | 2024-11-21 | N/A | 6.5 MEDIUM |
| Kaifa Technology WebITR is an online attendance system, it has insufficient validation for user input within a special function. A remote attacker with regular user privilege can exploit this vulnerability to inject arbitrary SQL commands to read database. | |||||
| CVE-2023-48384 | 1 Armorxgt | 1 Spamtrap | 2024-11-21 | N/A | 9.8 CRITICAL |
| ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. | |||||
| CVE-2023-48372 | 1 Itpison | 1 Omicard Edm | 2024-11-21 | N/A | 9.8 CRITICAL |
| ITPison OMICARD EDM 's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. | |||||
| CVE-2023-48327 | 1 Wcvendors | 1 Woocommerce Multi-vendor\, Woocommerce Marketplace\, Product Vendors | 2024-11-21 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors.This issue affects WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n/a through 2.4.7. | |||||