Total: 9311 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-28438 | | | 2023-03-22 | N/A | N/A | Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually.
CVE-2023-25615 | 1 Sap | 1 Abap Platform | 2023-03-22 | N/A | 4.9 MEDIUM | Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting malicious database queries over the network and gain access to unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application.
CVE-2023-27041 | 1 School Registration And Fee System Project | 1 School Registration And Fee System | 2023-03-22 | N/A | 9.8 CRITICAL | School Registration and Fee System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bilal final/edit_user.php.
CVE-2023-28108 | 1 Pimcore | 1 Pimcore | 2023-03-22 | N/A | 7.8 HIGH | Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in the UUID DAO model. There is the theoretical possibility to inject custom SQL if the developer is using these methods with input data without doing proper input validation in advance, and so relies on the auto-quoting done by the DAO class. Users should update to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually.
CVE-2023-1578 | | | 2023-03-22 | N/A | N/A | SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19.
CVE-2023-26784 | 1 Tosec | 1 Kirin Fortress Machine | 2023-03-22 | N/A | 9.8 CRITICAL | SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020-0610 allows attackers to execute arbitrary code via the /admin.php?controller=admin_commonuser parameter.
CVE-2023-1563 | | | 2023-03-22 | N/A | N/A | A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/assign/assign.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223555.
CVE-2023-1571 | | | 2023-03-22 | N/A | N/A | A vulnerability, which was classified as critical, was found in DataGear up to 4.5.0. This affects an unknown part of the file /analysisProject/pagingQueryData. The manipulation of the argument queryOrder leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223563.
CVE-2023-1564 | | | 2023-03-22 | N/A | N/A | A vulnerability was found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/transactions/update_status.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223556.
CVE-2023-1566 | | | 2023-03-22 | N/A | N/A | A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223558 is the identifier assigned to this vulnerability.
CVE-2023-1556 | | | 2023-03-22 | N/A | N/A | A vulnerability was found in SourceCodester Judging Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file summary_results.php. The manipulation of the argument main_event_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223549 was assigned to this vulnerability.
CVE-2023-27709 | 1 Dedecms | 1 Dedecms | 2023-03-21 | N/A | 7.2 HIGH | SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint.
CVE-2023-27707 | 1 Dedecms | 1 Dedecms | 2023-03-21 | N/A | 7.2 HIGH | SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint.
CVE-2023-27037 | 1 Qibosoft | 1 Qibocms | 2023-03-21 | N/A | 8.8 HIGH | Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php.
CVE-2023-27250 | 1 Online Book Store Project Project | 1 Online Book Store Project | 2023-03-21 | N/A | 9.8 CRITICAL | Online Book Store Project v1.0 is vulnerable to SQL Injection via /bookstore/bookPerPub.php.
CVE-2023-25684 | | | 2023-03-21 | N/A | N/A | IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 247597.
CVE-2022-4371 | 1 Mohanjith | 1 Web Invoice | 2023-03-21 | N/A | 7.2 HIGH | The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscribers, could exploit this as well.
CVE-2022-46763 | 2 Microsoft, Trueconf | 2 Windows, Server | 2023-03-21 | N/A | 8.8 HIGH | A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code.
CVE-2012-10009 | | | 2023-03-21 | N/A | N/A | A vulnerability was found in 404like Plugin up to 1.0.2. It has been classified as critical. Affected is the function checkPage of the file 404Like.php. The manipulation of the argument searchWord leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 2c4b589d27554910ab1fd104ddbec9331b540f7f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223404.
CVE-2023-0630 | | | 2023-03-21 | N/A | N/A | The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.