Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-22630 | 1 Izybat | 1 Orange Casiers | 2023-02-02 | N/A | 4.3 MEDIUM |
IzyBat Orange casiers before 20221102_1 allows SQL Injection via a getCasier.php?taille= URI. | |||||
CVE-2018-3882 | 1 Erpnext | 1 Erpnext | 2023-02-02 | 6.5 MEDIUM | 8.8 HIGH |
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The searchfield parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. | |||||
CVE-2018-3883 | 1 Erpnext | 1 Erpnext | 2023-02-02 | 6.5 MEDIUM | 8.8 HIGH |
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The employee and sort_order parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. | |||||
CVE-2019-19649 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-02-01 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. | |||||
CVE-2020-22452 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-02-01 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php. | |||||
CVE-2014-4984 | 1 Dejavuprotech | 1 Crescendo - Sales Crm | 2023-02-01 | 7.5 HIGH | 9.8 CRITICAL |
Déjà Vu Crescendo Sales CRM has remote SQL Injection | |||||
CVE-2023-0515 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2023-02-01 | N/A | 7.2 HIGH |
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219335. | |||||
CVE-2023-0516 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2023-02-01 | N/A | 7.2 HIGH |
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file user/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219336. | |||||
CVE-2022-44297 | 1 Sscms | 1 Siteserver Cms | 2023-02-01 | N/A | 9.8 CRITICAL |
SiteServer CMS 7.1.3 has a SQL injection vulnerability in the background. | |||||
CVE-2022-3710 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2023-02-01 | N/A | 2.7 LOW |
A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA. | |||||
CVE-2022-45820 | 1 Thimpress | 1 Learnpress | 2023-02-01 | N/A | 8.8 HIGH |
SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | |||||
CVE-2022-45808 | 1 Thimpress | 1 Learnpress | 2023-02-01 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | |||||
CVE-2022-46999 | 1 Tuzicms | 1 Tuzicms | 2023-02-01 | N/A | 9.8 CRITICAL |
Tuzicms v2.0.6 was discovered to contain a SQL injection vulnerability via the component \App\Manage\Controller\UserController.class.php. | |||||
CVE-2023-23824 | 1 Wp Topbar Project | 1 Wp Topbar | 2023-02-01 | N/A | 8.8 HIGH |
Auth. SQL Injection (SQLi) vulnerability in WP-TopBar <= 5.36 versions. | |||||
CVE-2023-23331 | 1 Amano | 1 Xoffice | 2023-02-01 | N/A | 9.8 CRITICAL |
Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injection. | |||||
CVE-2023-20010 | 1 Cisco | 1 Unified Communications Manager | 2023-01-31 | N/A | 8.8 HIGH |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read or modify any data on the underlying database or elevate their privileges. | |||||
CVE-2020-26935 | 4 Debian, Fedoraproject, Opensuse and 1 more | 5 Debian Linux, Fedora, Backports Sle and 2 more | 2023-01-31 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query. | |||||
CVE-2019-20361 | 1 Icegram | 1 Email Subscribers & Newsletters | 2023-01-31 | 7.5 HIGH | 9.8 CRITICAL |
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability). | |||||
CVE-2014-5109 | 1 Netfortris | 1 Trixbox | 2023-01-31 | 7.5 HIGH | N/A |
SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action. | |||||
CVE-2010-0702 | 1 Netfortris | 1 Trixbox | 2023-01-31 | 7.5 HIGH | N/A |
SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter. |