Total: 16312 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-25615 | Sap | Abap Platform | 2024-11-21 | N/A | 6.8 MEDIUM | Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application. |
| CVE-2023-25432 | Online Reviewer Management System Project | Online Reviewer Management System | 2024-11-21 | N/A | 7.2 HIGH | An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer_0/admins/assessments/course/course-update.php. |
| CVE-2023-25330 | Mybatis | Mybatis | 2024-11-21 | N/A | 9.8 CRITICAL | A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID value. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection. |
| CVE-2023-25206 | Prestashop | Advanced Reviews | 2024-11-21 | N/A | 8.8 HIGH | PrestaShop ws_productreviews < 3.6.2 is vulnerable to SQL Injection. |
| CVE-2023-25197 | Apache | Fineract | 2024-11-21 | N/A | 6.3 MEDIUM | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to exploit this for limited impact on components. This issue affects Apache Fineract: from 1.4 through 1.8.2. |
| CVE-2023-25196 | Apache | Fineract | 2024-11-21 | N/A | 4.3 MEDIUM | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through 1.8.2. |
| CVE-2023-25158 | Geotools | Geotools | 2024-11-21 | N/A | 9.8 CRITICAL | GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastores. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or to 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation. |
| CVE-2023-25157 | Osgeo | Geoserver | 2024-11-21 | N/A | 9.8 CRITICAL | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate `strEndsWith`, `strStartsWith` and `PropertyIsLike` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the `FeatureId` misuse. |
| CVE-2023-25047 | Carrcommunications | Rsvpmaker | 2024-11-21 | N/A | 7.2 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection. This issue affects RSVPMaker: from n/a through 9.9.3. |
| CVE-2023-25045 | Carrcommunications | Rsvpmaker | 2024-11-21 | N/A | 6.7 MEDIUM | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection. This issue affects RSVPMaker: from n/a through 9.9.3. |
| CVE-2023-24840 | Hgiga | Oaklouds Mailsherlock | 2024-11-21 | N/A | 7.2 HIGH | The HGiga MailSherlock mail query function has a vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database. |
| CVE-2023-24812 | Misskey | Misskey | 2024-11-21 | N/A | 8.8 HIGH | Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag (notes/search-by-tag). This has been fixed in version 13.3.3. Users are advised to upgrade. Users unable to upgrade should block access to the `api/notes/search-by-tag` endpoint. |
| CVE-2023-24788 | Notrinos | Notrinoserp | 2024-11-21 | N/A | 8.8 HIGH | NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php. |
| CVE-2023-24726 | Phpgurukul | Art Gallery Management System | 2024-11-21 | N/A | 9.8 CRITICAL | Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page. |
| CVE-2023-24643 | Judging Management System Project | Judging Management System | 2024-11-21 | N/A | 9.8 CRITICAL | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php. |
| CVE-2023-24258 | Spip | Spip | 2024-11-21 | N/A | 9.8 CRITICAL | SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request. |
| CVE-2023-24253 | Domoticalabs | Ikon Server | 2024-11-21 | N/A | 9.8 CRITICAL | Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain a SQL injection vulnerability. |
| CVE-2023-24206 | Davinci Project | Davinci | 2024-11-21 | N/A | 9.8 CRITICAL | Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function. |
| CVE-2023-24000 | Gamipress | Gamipress | 2024-11-21 | N/A | 9.8 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection. This issue affects GamiPress: from n/a through 2.5.7. |
| CVE-2023-23991 | | | 2024-11-21 | N/A | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection. This issue affects Booking Calendar: from n/a through 9.4.3. |