Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-10001 | 1 Phoenixcf Project | 1 Phoenixcf | 2023-01-27 | N/A | 9.8 CRITICAL |
A vulnerability was found in iamdroppy phoenixcf. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file content/2-Community/articles.cfm. The manipulation leads to sql injection. The name of the patch is d156faf8bc36cd49c3b10d3697ef14167ad451d8. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218491. | |||||
CVE-2023-23492 | 1 Login With Phone Number Project | 1 Login With Phone Number | 2023-01-27 | N/A | 8.8 HIGH |
The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action. | |||||
CVE-2021-26644 | 2 Mangboard, Microsoft | 2 Mangboard Wp, Windows | 2023-01-27 | N/A | 9.8 CRITICAL |
SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running. | |||||
CVE-2022-48152 | 1 Remoteclinic | 1 Remote Clinic | 2023-01-27 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to execute arbitrary commands and gain sensitive information via the id parameter to /medicines/profile.php. | |||||
CVE-2022-48120 | 1 Hospital Management System Project | 1 Hospital Management System | 2023-01-27 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php. | |||||
CVE-2023-23490 | 1 Ays-pro | 1 Survey Maker | 2023-01-26 | N/A | 8.8 HIGH |
The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action. | |||||
CVE-2023-23488 | 1 Strangerstudios | 1 Paid Memberships Pro | 2023-01-26 | N/A | 9.8 CRITICAL |
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route. | |||||
CVE-2020-21152 | 1 Inxedu | 1 Inxedu | 2023-01-26 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execute arbitrary commands via the functionIds parameter to /saverolefunction. | |||||
CVE-2020-29297 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-01-26 | N/A | 9.8 CRITICAL |
Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0. | |||||
CVE-2022-47105 | 1 Jeecg | 1 Jeecg Boot | 2023-01-26 | N/A | 9.8 CRITICAL |
Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. | |||||
CVE-2022-47740 | 1 Seltmann-webdesign | 1 Content Management System | 2023-01-26 | N/A | 9.8 CRITICAL |
Seltmann GmbH Content Management System 6 is vulnerable to SQL Injection via /index.php. | |||||
CVE-2022-47745 | 1 Easycorp | 1 Zentao | 2023-01-26 | N/A | 8.8 HIGH |
ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice. | |||||
CVE-2014-125083 | 1 Anant | 1 Google-enterprise-connector-dctm | 2023-01-25 | N/A | 9.8 CRITICAL |
A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to sql injection. The name of the patch is 6fba04f18ab7764002a1da308e7cd9712b501cb7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218911. | |||||
CVE-2015-10069 | 1 Cash-machine Project | 1 Cash-machine | 2023-01-25 | N/A | 9.8 CRITICAL |
A vulnerability was found in viakondratiuk cash-machine. It has been declared as critical. This vulnerability affects the function is_card_pin_at_session/update_failed_attempts of the file machine.py. The manipulation leads to sql injection. The name of the patch is 62a6e24efdfa195b70d7df140d8287fdc38eb66d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218896. | |||||
CVE-2010-10009 | 1 Ptome Project | 1 Ptome | 2023-01-25 | N/A | 9.8 CRITICAL |
A vulnerability was found in frioux ptome. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is 26829bba67858ca0bd4ce49ad50e7ce653914276. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218519. | |||||
CVE-2017-20173 | 1 Contentmap Project | 1 Contentmap | 2023-01-25 | N/A | 9.8 CRITICAL |
A vulnerability was found in AlexRed contentmap. It has been rated as critical. Affected by this issue is the function Load of the file contentmap.php. The manipulation of the argument contentid leads to sql injection. The name of the patch is dd265d23ff4abac97422835002c6a47f45ae2a66. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218492. | |||||
CVE-2022-46887 | 1 Nexusphp | 1 Nexusphp | 2023-01-25 | N/A | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser[] parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php. | |||||
CVE-2020-35326 | 1 Inxedu | 1 Inxedu | 2023-01-25 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in file /inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml in inxedu 2.0.6 via the id value. | |||||
CVE-2017-20172 | 1 Soundslike Project | 1 Soundslike | 2023-01-25 | N/A | 9.8 CRITICAL |
A vulnerability was found in ridhoq soundslike. It has been classified as critical. Affected is the function get_song_relations of the file app/api/songs.py. The manipulation leads to sql injection. The name of the patch is 90bb4fb667d9253d497b619b9adaac83bf0ce0f8. It is recommended to apply a patch to fix this issue. VDB-218490 is the identifier assigned to this vulnerability. | |||||
CVE-2012-10006 | 1 Sigeprosi Project | 1 Sigeprosi | 2023-01-25 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical has been found in ale7714 sigeprosi. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is 5291886f6c992316407c376145d331169c55f25b. It is recommended to apply a patch to fix this issue. The identifier VDB-218493 was assigned to this vulnerability. | |||||