Total
16313 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27207 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. | |||||
| CVE-2023-27205 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php. | |||||
| CVE-2023-27204 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php. | |||||
| CVE-2023-27074 | 1 Phpgurukul | 1 Bp Monitoring Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page. | |||||
| CVE-2023-27037 | 1 Qibosoft | 1 Qibocms | 2024-11-21 | N/A | 8.8 HIGH |
| Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php | |||||
| CVE-2023-27034 | 1 Joommasters | 1 Jms Blog | 2024-11-21 | N/A | 9.8 CRITICAL |
| PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2023-26959 | 1 Phpgurukul | 1 Park Ticketing Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter. | |||||
| CVE-2023-26861 | 1 Vivawallet | 1 Viva Wallet | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attacker to gain privileges via the vivawallet() module. | |||||
| CVE-2023-26859 | 1 Brevo | 1 Brevo | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allow a remote attacker to gain privileges via the ajaxOrderTracking.php component. | |||||
| CVE-2023-26784 | 1 Tosec | 1 Kirin Fortress Machine | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020-0610 allows attackers to execute arbitrary code via the /admin.php?controller=admin_commonuser parameter. | |||||
| CVE-2023-26780 | 1 Yf-exam Project | 1 Yf-exam | 2024-11-21 | N/A | 9.8 CRITICAL |
| CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection. | |||||
| CVE-2023-26584 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL |
| Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26583 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL |
| Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26582 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL |
| Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26581 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL |
| Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26572 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL |
| Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26569 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL |
| Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26568 | 1 Idattend | 1 Idweb | 2024-11-21 | N/A | 9.8 CRITICAL |
| Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26525 | 1 Wedevs | 1 Dokan | 2024-11-21 | N/A | 7.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.12. | |||||
| CVE-2023-26454 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A | 7.6 HIGH |
| Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known. | |||||