Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-0883 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2023-02-27 | N/A | 9.8 CRITICAL | A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /php-opos/index.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221350 is the identifier assigned to this vulnerability.
CVE-2022-40347 | 1 Intern Record System Project | 1 Intern Record System | 2023-02-27 | N/A | 9.8 CRITICAL | SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in the 'phone', 'email', 'deptType' and 'name' parameters allows attackers to execute arbitrary code and gain sensitive information.
CVE-2022-40032 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2023-02-24 | N/A | 9.8 CRITICAL | SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in the 'username' and 'password' parameters allows attackers to execute arbitrary code and gain sensitive information.
CVE-2023-24221 | 1 Luckyframe | 1 Luckyframeweb | 2023-02-24 | N/A | 9.8 CRITICAL | LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml.
CVE-2023-24220 | 1 Luckyframe | 1 Luckyframeweb | 2023-02-24 | N/A | 9.8 CRITICAL | LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml.
CVE-2023-24219 | 1 Luckyframe | 1 Luckyframeweb | 2023-02-24 | N/A | 9.8 CRITICAL | LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml.
CVE-2019-14695 | 1 Sygnoos | 1 Popup Builder | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL | A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscribers Table ordering is mishandled.
CVE-2019-13572 | 1 Adenion | 1 Blog2social | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL | The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection.
CVE-2015-9333 | 1 Cformsii Project | 1 Cformsii | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL | The cforms2 plugin before 14.6.10 for WordPress has SQL injection.
CVE-2019-12239 | 1 Wpbookingsystem | 1 Wp Booking System | 2023-02-24 | 6.5 MEDIUM | 7.2 HIGH | The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.
CVE-2023-23459 | 2 Microsoft, Priority-software | 2 Windows, Priority | 2023-02-24 | N/A | 9.8 CRITICAL | Priority Windows may allow Command Execution via SQL Injection using an unspecified method.
CVE-2020-23685 | 1 Vtimecn | 1 188jianzhan | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection vulnerability in 188Jianzhan v2.1.0 allows attackers to execute arbitrary code and gain escalated privileges via the username parameter to login.php.
CVE-2022-23305 | 5 Apache, Broadcom, Netapp and 2 more | 28 Log4j, Brocade Sannav, Snapmanager and 25 more | 2023-02-24 | 6.8 MEDIUM | 9.8 CRITICAL | By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged, allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
CVE-2022-47770 | 1 Serinf | 1 Fast Checkin | 2023-02-23 | N/A | 9.8 CRITICAL | Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection.
CVE-2022-4445 | 1 Fl3r Feelbox Project | 1 Fl3r Feelbox | 2023-02-22 | N/A | 9.8 CRITICAL | The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
CVE-2022-38868 | 1 Ehoney Project | 1 Ehoney | 2023-02-22 | N/A | 7.2 HIGH | SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol.go and models/images.go allows attackers to execute arbitrary code.
CVE-2021-38239 | 1 Dataease | 1 Dataease | 2023-02-22 | N/A | 7.5 HIGH | SQL Injection vulnerability in dataease before 1.2.0 allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10.
CVE-2021-33925 | 1 Cms-corephp Project | 1 Cms-corephp | 2023-02-22 | N/A | 9.8 CRITICAL | SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escalated privileges via a crafted login.
CVE-2020-21120 | 1 Uqcms | 1 Uqcms | 2023-02-22 | N/A | 9.8 CRITICAL | SQL Injection vulnerability in file home\controls\cart.class.php in UQCMS 2.1.3 allows attackers to execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num.
CVE-2022-38867 | 1 Rttys Project | 1 Rttys | 2023-02-22 | N/A | 8.8 HIGH | SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go allows attackers to execute arbitrary code.
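The CVE-2022-23305 entry above is the one row in this listing that describes a mechanism rather than just a location: the Log4j 1.2 JDBCAppender expands PatternLayout converters such as `%m` by text substitution into a configured SQL statement, so whatever the application logs becomes SQL text. The block below is an added Python simulation of that pattern against an in-memory SQLite database; it is not Log4j code and not from this listing. The table names, the configured statement, and the attacker message are constructed for the example. The vulnerable appender substitutes the message into the statement the way the CVE describes; the hardened appender binds it as a parameter the way the CVE says Log4j 2's re-introduced JDBCAppender does.

```python
import sqlite3

# Constructed example schema: a table holding a secret and the table the
# appender writes log events into. Python simulation only, not Log4j code.
SETUP_SQL = """
CREATE TABLE users (name TEXT, password TEXT);
INSERT INTO users VALUES ('alice', 's3cr3t-hash');
CREATE TABLE app_log (message TEXT, level TEXT);
"""

# A statement in the shape the Log4j 1.2 JDBCAppender is configured with:
# %m (message) and %p (level) are PatternLayout converters that get expanded
# into the SQL text before it reaches the database (assumed column names).
LOG4J1_STYLE_SQL = "INSERT INTO app_log (message, level) VALUES ('%m', '%p')"


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SETUP_SQL)
    return conn


def append_unsafe(conn, message, level="INFO"):
    """Log4j 1.x style: converters are expanded by text substitution, so the
    logged message becomes part of the SQL statement itself."""
    sql = LOG4J1_STYLE_SQL.replace("%m", message).replace("%p", level)
    conn.execute(sql)
    conn.commit()
    return sql  # returned so the caller can see what actually ran


def append_safe(conn, message, level="INFO"):
    """Log4j 2 style: the statement is fixed and the converter values are bound
    as parameters, so the message is stored verbatim whatever it contains."""
    conn.execute(
        "INSERT INTO app_log (message, level) VALUES (?, ?)", (message, level)
    )
    conn.commit()


def log_rows(conn):
    return conn.execute("SELECT message, level FROM app_log").fetchall()


# Constructed attacker input: a string a user could type into a form field or
# send in a request header that the application logs. It closes the quoted
# message value, supplies a subquery as the 'level' column, and comments out
# the remainder of the configured statement. Using a subquery (not a stacked
# ";DROP ..." statement) means it does not depend on the driver allowing
# multiple statements per call.
PAYLOAD = "x', (SELECT password FROM users LIMIT 1)) -- "


def demo_unsafe():
    """Returns the log rows after the substitution-based appender logs PAYLOAD.
    The 'level' column ends up holding alice's password."""
    conn = new_db()
    append_unsafe(conn, PAYLOAD)
    return log_rows(conn)


def demo_safe():
    """Returns the log rows after the parameterized appender logs PAYLOAD.
    The payload is stored as an ordinary string and the level stays INFO."""
    conn = new_db()
    append_safe(conn, PAYLOAD)
    return log_rows(conn)


if __name__ == "__main__":
    print("substituted SQL ran:", append_unsafe(new_db(), PAYLOAD))
    print("unsafe appender stored:", demo_unsafe())
    print("safe appender stored:  ", demo_safe())
```

The unsafe path leaks a value from an unrelated table into the log table without any stacked statement, which is why the CVE's "unintended SQL queries" wording matters even on drivers that reject multiple statements per call. The check a practitioner wants when auditing a Log4j 1.x deployment is simply whether a `JDBCAppender` is configured at all (the CVE notes it is not the default); if it is, the only fix is moving to Log4j 2's parameterized appender, since no escaping of `%m` output is available in the 1.2 design.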