Total
16884 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35065 | 1 Osoft | 1 Dyeing - Printing - Finishing Production Management | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Osoft Paint Production Management allows SQL Injection.This issue affects Paint Production Management: before 2.1. | |||||
| CVE-2023-35064 | 1 Satos | 1 Satos Mobile | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering.This issue affects Satos Mobile: before 20230607. | |||||
| CVE-2023-34991 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | N/A | 9.8 CRITICAL |
| A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request. | |||||
| CVE-2023-34976 | 1 Qnap | 1 Video Station | 2024-11-21 | N/A | 4.3 MEDIUM |
| A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later | |||||
| CVE-2023-34975 | 1 Qnap | 1 Video Station | 2024-11-21 | N/A | 6.6 MEDIUM |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. QuTScloud c5.1.x is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h4.5.4.2626 build 20231225 and later QTS 4.5.4.2627 build 20231225 and later | |||||
| CVE-2023-34735 | 1 Property Cloud Platform Management Center Project | 1 Property Cloud Platform Management Center | 2024-11-21 | N/A | 9.8 CRITICAL |
| Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection. | |||||
| CVE-2023-34659 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | N/A | 9.8 CRITICAL |
| jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface. | |||||
| CVE-2023-34635 | 1 Wifi-soft | 1 Unibox Administration | 2024-11-21 | N/A | 9.8 CRITICAL |
| Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page. | |||||
| CVE-2023-34626 | 1 Piwigo | 1 Piwigo | 2024-11-21 | N/A | 4.3 MEDIUM |
| Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function. | |||||
| CVE-2023-34601 | 1 Jeesite | 1 Jeesite | 2024-11-21 | N/A | 9.8 CRITICAL |
| Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml. | |||||
| CVE-2023-34581 | 1 Oretnom23 | 1 Service Provider Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2 | |||||
| CVE-2023-34577 | 1 Planned Popup Project | 1 Planned Popup | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method. | |||||
| CVE-2023-34576 | 1 Opartfaq Project | 1 Opartfaq | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector. | |||||
| CVE-2023-34575 | 1 Op\'art Save Cart Project | 1 Op\'art Save Cart | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods. | |||||
| CVE-2023-34545 | 1 Cskaza | 1 Cszcms | 2024-11-21 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL. | |||||
| CVE-2023-34487 | 1 Online Hotel Management System Project | 1 Online Hotel Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection. | |||||
| CVE-2023-34477 | 1 Braincert | 1 Virtual Classroom | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
| CVE-2023-34476 | 1 Mooj | 1 Proforms | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
| CVE-2023-34418 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | N/A | 8.1 HIGH |
| A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API. | |||||
| CVE-2023-34383 | 1 Wedevs | 1 Wp Project Manager | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0. | |||||