Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-10019 | 1 Oclc | 1 Oaicat | 2023-02-28 | N/A | 9.8 CRITICAL |
A vulnerability was found in OCLC-Research OAICat 1.5.61. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.62 is able to address this issue. The name of the patch is 6cc65501869fa663bcd24a70b63f41f5cfe6b3e1. It is recommended to upgrade the affected component. The identifier VDB-221489 was assigned to this vulnerability. | |||||
CVE-2022-29822 | 1 Featherjs | 1 Feathers-sequelize | 2023-02-28 | N/A | 9.8 CRITICAL |
Improper parameter filtering in the Feathers js library may ultimately lead to SQL injection. | |||||
CVE-2022-2422 | 1 Featherjs | 1 Feathers-sequelize | 2023-02-28 | N/A | 9.8 CRITICAL |
Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used. | |||||
CVE-2023-23279 | 1 Canteen Management System Project | 1 Canteen Management System | 2023-02-28 | N/A | 9.8 CRITICAL |
Canteen Management System 1.0 is vulnerable to SQL Injection via /php_action/getOrderReport.php. | |||||
CVE-2021-32441 | 1 Exponentcms | 1 Exponent Cms | 2023-02-28 | N/A | 7.5 HIGH |
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class. | |||||
CVE-2023-26020 | 4 Apple, Craftercms, Linux and 1 more | 4 Macos, Crafter Cms, Linux Kernel and 1 more | 2023-02-28 | N/A | 7.2 HIGH |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection. This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26. | |||||
CVE-2019-9918 | 1 Harmistechnology | 1 Je Messenger | 2023-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database. | |||||
CVE-2023-23007 | 1 Ecisp | 1 Espcms | 2023-02-28 | N/A | 7.2 HIGH |
An issue was discovered in ESPCMS P8.21120101. After logging in to the background, there is a SQL injection vulnerability in the function node where members are added. | |||||
CVE-2019-18413 | 1 Typestack Class-validator Project | 1 Typestack Class-validator | 2023-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary malicious input. NOTE: a software maintainer agrees with the "is not documented" finding but suggests that much of the responsibility for the risk lies in a different product. | |||||
CVE-2023-1040 | 1 Online Graduate Tracer System Project | 1 Online Graduate Tracer System | 2023-02-27 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, has been found in SourceCodester Online Graduate Tracer System 1.0. Affected by this issue is some unknown functionality of the file tracking/admin/add_acc.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-221798 is the identifier assigned to this vulnerability. | |||||
CVE-2023-1035 | 1 Clinics Patient Management System Project | 1 Clinics Patient Management System | 2023-02-27 | N/A | 8.8 HIGH |
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as critical. Affected is an unknown function of the file update_user.php. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221784. | |||||
CVE-2023-0895 | 1 Wow-company | 1 Wp Coder | 2023-02-27 | N/A | 4.9 MEDIUM |
The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
CVE-2023-0917 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-02-27 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, was found in SourceCodester Simple Customer Relationship Management System 1.0. This affects an unknown part of the file /php-scrm/login.php. The manipulation of the argument Password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221493 was assigned to this vulnerability. | |||||
CVE-2023-0946 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2023-02-27 | N/A | 9.8 CRITICAL |
A vulnerability has been found in SourceCodester Best POS Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file billing/index.php?id=9. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-221593 was assigned to this vulnerability. | |||||
CVE-2023-0938 | 1 Music Gallery Site Project | 1 Music Gallery Site | 2023-02-27 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file music_list.php of the component GET Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221553 was assigned to this vulnerability. | |||||
CVE-2023-0915 | 1 Auto Dealer Management System Project | 1 Auto Dealer Management System | 2023-02-27 | N/A | 8.8 HIGH |
A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. Affected is an unknown function of the file /adms/admin/?page=user/manage_user. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221490 is the identifier assigned to this vulnerability. | |||||
CVE-2019-13575 | 1 Wpeverest | 1 Everest Forms | 2023-02-27 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php. | |||||
CVE-2023-0904 | 1 Employee Task Management System Project | 1 Employee Task Management System | 2023-02-27 | N/A | 8.8 HIGH |
A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file task-details.php. The manipulation of the argument task_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221453 was assigned to this vulnerability. | |||||
CVE-2020-25905 | 1 Mobile Shop System Project | 1 Mobile Shop System | 2023-02-27 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php. | |||||
CVE-2020-29168 | 1 Online Doctor Appointment Booking System Php And Mysql Project | 1 Online Doctor Appointment Booking System Php And Mysql | 2023-02-27 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint. |