Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2023-24812 | 1 Misskey | 1 Misskey | 2023-03-02 | N/A | 9.8 CRITICAL | Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag (notes/search-by-tag). This has been fixed in version 13.3.3. Users are advised to upgrade. Users unable to upgrade should block access to the `api/notes/search-by-tag` endpoint. |
CVE-2022-48149 | 1 Online Student Admission System Project | 1 Online Student Admission System | 2023-03-02 | N/A | 9.8 CRITICAL | Online Student Admission System in PHP Free Source Code 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. |
CVE-2023-25813 | 1 Sequelizejs | 1 Sequelize | 2023-03-02 | N/A | 9.8 CRITICAL | Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the `replacements` and the `where` option in the same query. |
CVE-2023-25158 | 1 Geotools | 1 Geotools | 2023-03-02 | N/A | 9.8 CRITICAL | GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastores. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or to 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation. |
CVE-2023-0980 | 1 Yoga Class Registration System Project | 1 Yoga Class Registration System | 2023-03-02 | N/A | 9.8 CRITICAL | A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/registrations/update_status.php of the component Status Update Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221675. |
CVE-2023-0981 | 1 Yoga Class Registration System Project | 1 Yoga Class Registration System | 2023-03-02 | N/A | 9.8 CRITICAL | A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been classified as critical. Affected is an unknown function of the component Delete User. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221676. |
CVE-2023-0982 | 1 Yoga Class Registration System Project | 1 Yoga Class Registration System | 2023-03-02 | N/A | 9.8 CRITICAL | A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Add Class Entry. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-221677 was assigned to this vulnerability. |
CVE-2023-0997 | 1 Moosikay E-commerce System Project | 1 Moosikay E-commerce System | 2023-03-02 | N/A | 8.8 HIGH | A vulnerability was found in SourceCodester Moosikay E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Moosikay/order.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221732. |
CVE-2023-0986 | 1 Sales Tracker Management System Project | 1 Sales Tracker Management System | 2023-03-02 | N/A | 9.8 CRITICAL | A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/?page=user/manage_user of the component Edit User. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221679. |
CVE-2023-0964 | 1 Sales Tracker Management System Project | 1 Sales Tracker Management System | 2023-03-02 | N/A | 9.8 CRITICAL | A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-221634 is the identifier assigned to this vulnerability. |
CVE-2023-0962 | 1 Music Gallery Site Project | 1 Music Gallery Site | 2023-03-02 | N/A | 8.8 HIGH | A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file Master.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221632. |
CVE-2023-0961 | 1 Music Gallery Site Project | 1 Music Gallery Site | 2023-03-02 | N/A | 9.8 CRITICAL | A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. This affects an unknown part of the file view_music_details.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221631. |
CVE-2015-10084 | 1 Irontec | 1 Klear-library | 2023-03-02 | N/A | 9.8 CRITICAL | A vulnerability was found in irontec klear-library chloe and classified as critical. Affected by this issue is the function _prepareWhere of the file Controller/Rest/BaseController.php. The manipulation leads to sql injection. Upgrading to version marla is able to address this issue. The name of the patch is b25262de52fdaffde2a4434fc2a84408b304fbc5. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221504. |
CVE-2022-45677 | 1 Tuition Management System Project | 1 Tuition Management System | 2023-03-02 | N/A | 9.8 CRITICAL | SQL Injection Vulnerability in tanujpatra228 Tution Management System (TMS) via the email parameter to processes/student_login.process.php. |
CVE-2022-45564 | 1 Znfit | 1 Home Improvement Erp Management System | 2023-03-02 | N/A | 9.8 CRITICAL | SQL Injection vulnerability in znfit Home improvement ERP management system V50_20220207,v42 allows attackers to execute arbitrary sql commands via the userCode parameter to the wechat applet. |
CVE-2022-24844 | 2 Gin-vue-admin Project, Postgresql | 2 Gin-vue-admin, Postgresql | 2023-03-01 | 6.5 MEDIUM | 8.8 HIGH | Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occur. Users must: Require JWT login? and be using PostgreSQL to be affected. This issue has been resolved in version 2.5.1. There are no known workarounds. |
CVE-2020-5511 | 1 Small Crm Project | 1 Small Crm | 2023-03-01 | 6.5 MEDIUM | 8.8 HIGH | PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page. |
CVE-2023-0903 | 1 Employee Task Management System Project | 1 Employee Task Management System | 2023-03-01 | N/A | 8.8 HIGH | A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452. |
CVE-2021-29350 | 1 Shipment 100-design Material Download System Project | 1 Shipment 100-design Material Download System | 2023-03-01 | 6.5 MEDIUM | 7.2 HIGH | SQL injection in the getip function in conn/function.php in ??100-???????? 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php. |
CVE-2019-13573 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2023-03-01 | 10.0 HIGH | 9.8 CRITICAL | A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. |