Total: 16313 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-28491 | 1 Tribulant | 1 Slideshow Gallery | 2024-11-21 | N/A | 6.7 MEDIUM |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE. This issue affects Slideshow Gallery LITE: from n/a through 1.7.6. | |||||
CVE-2023-28438 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 6.2 MEDIUM |
Pimcore is an open source data and experience management platform. Prior to version 10.5.19, a user with the 'report' permission can already write arbitrary SQL queries, and because the endpoint uses the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating such a user into clicking a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually. | |||||
CVE-2023-28437 | 1 Dataease | 1 Dataease | 2024-11-21 | N/A | 9.8 CRITICAL |
Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds. | |||||
CVE-2023-28329 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 8.8 HIGH |
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers). | |||||
CVE-2023-28108 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 7.9 HIGH |
Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in the UUID DAO model. There is the theoretical possibility of injecting custom SQL if a developer uses these methods with input data without proper input validation in advance, relying instead on the auto-quoting done by the DAO class. Users should update to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually. | |||||
CVE-2023-28019 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | N/A | 5.5 MEDIUM |
Insufficient validation in BigFix WebUI API App site version < 14 allows an authenticated WebUI user to inject SQL via an unparameterized SQL query. | |||||
CVE-2023-27847 | 1 Xipblog Project | 1 Xipblog | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and before allows a remote attacker to gain privileges via the xipcategoryclass and xippostsclass components. | |||||
CVE-2023-27846 | 1 Themevolty | 1 Theme Volty Cms Blog | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allows a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon, and tvcmstestimonial components. | |||||
CVE-2023-27845 | 1 Kerawen | 1 Omnichannel Stocks | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allows a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo and KerawenHelper::resetCheckoutSessionData components. | |||||
CVE-2023-27610 | 1 Transbank | 1 Transbank Webpay Rest | 2024-11-21 | N/A | 5.5 MEDIUM |
Authenticated (admin+) SQL injection (SQLi) vulnerability in TransbankDevelopers Transbank Webpay REST plugin versions <= 1.6.6. | |||||
CVE-2023-27605 | 1 Wp Reroute Email Project | 1 Wp Reroute Email | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection. This issue affects WP Reroute Email: from n/a through 1.4.6. | |||||
CVE-2023-27463 | 1 Siemens | 1 Ruggedcom Crossbow | 2024-11-21 | N/A | 8.8 HIGH |
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database. | |||||
CVE-2023-27411 | 1 Siemens | 1 Ruggedcom Crossbow | 2024-11-21 | N/A | 8.8 HIGH |
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected application is vulnerable to SQL injection. This could allow an authenticated remote attacker to execute arbitrary SQL queries on the server database and escalate privileges. | |||||
CVE-2023-27262 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL |
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
CVE-2023-27260 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL |
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
CVE-2023-27255 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL |
Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
CVE-2023-27254 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL |
Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
CVE-2023-27214 | 1 Online Student Management System Project | 1 Online Student Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Online Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the fromdate and todate parameters at /eduauth/student/between-date-reprtsdetails.php. | |||||
CVE-2023-27213 | 1 Online Student Management System Project | 1 Online Student Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php. | |||||
CVE-2023-27210 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL |
Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php. |
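Three failure patterns recur in the entries above: an SQL injection denylist that is missing entries (CVE-2023-28437), a data-access helper that concatenates input and relies on the caller for quoting (the pattern described for the Pimcore UUID DAO in CVE-2023-28108), and a plain unparameterized query (CVE-2023-28019). The following Python script is an added illustration of those patterns and of the parameterized query that closes all three; it is not code from Dataease, Pimcore, HCL BigFix or any other project in the listing. It runs against an in-memory SQLite database, and the table, columns, sample rows, payloads and denylist tokens are assumptions constructed for the example.

```python
"""Added illustration, not code from any project in the listing above.

Three recurring SQL injection patterns from the entries, shown against an
in-memory SQLite database with constructed sample rows:
  1. a denylist filter with missing entries (cf. CVE-2023-28437),
  2. a data-access helper that concatenates input and relies on the caller
     having quoted or validated it (cf. CVE-2023-28108),
  3. an unparameterized query (cf. CVE-2023-28019),
and the parameterized query that closes all three.
Table, columns, rows, payloads and denylist tokens are assumptions.
"""
import sqlite3


def make_db():
    """Constructed sample data: a tiny users table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT);
        INSERT INTO users (name, role) VALUES
            ('alice', 'teacher'), ('bob', 'student'), ('carol', 'manager');
        """
    )
    return conn


# Hypothetical denylist of the kind CVE-2023-28437 describes as incomplete:
# it stops textbook UNION / comment / stacked-query payloads and nothing else.
DENYLIST = ("union", "select", "--", "/*", ";")


def denylisted(value):
    """True if the input contains any denylisted token (case-insensitive)."""
    lowered = value.lower()
    return any(token in lowered for token in DENYLIST)


def find_by_name_concat(conn, name):
    """Vulnerable DAO-style helper: concatenates `name` into the statement and
    does no quoting of its own, so it is only safe if the caller already did."""
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def find_by_name_denylist(conn, name):
    """Vulnerable: 'validates' with the denylist, then trusts the concatenating
    helper. Returns None when the filter blocks the input."""
    if denylisted(name):
        return None
    return find_by_name_concat(conn, name)


def find_by_name_param(conn, name):
    """Fixed: the value travels as a bound parameter, never as SQL text."""
    rows = conn.execute(
        "SELECT name FROM users WHERE name = ? ORDER BY id", (name,)
    )
    return [row[0] for row in rows]


def demo():
    """Run the three variants against a normal input and two payloads.
    Returns a dict so the outcomes can be inspected or asserted on."""
    conn = make_db()
    blocked = "' UNION SELECT 1 --"   # contains 'union': caught by the denylist
    tautology = "' OR '1'='1"         # no denylisted token: slips through
    return {
        "normal": find_by_name_param(conn, "alice"),
        "blocked_by_denylist": find_by_name_denylist(conn, blocked),
        "denylist_bypassed": find_by_name_denylist(conn, tautology),
        "concat_bypassed": find_by_name_concat(conn, tautology),
        "param_safe": find_by_name_param(conn, tautology),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:>20}: {result}")
```

The denylist blocks the UNION payload but lets the tautology through, and the concatenating helper then returns every row; the same tautology passed as a bound parameter matches no user at all, which is why the fixes in these entries add parameterization or proper quoting in the data layer rather than more filter entries.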