Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-10007 | 1 Click-reminder Project | 1 Click-reminder | 2023-01-25 | N/A | 9.8 CRITICAL |
| ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to sql injection. The name of the patch is 41213b660e8eb01b22c8074f06208f59a73ca8dc. It is recommended to apply a patch to fix this issue. The identifier VDB-218465 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2015-10068 | 1 Movify-j Project | 1 Movify-j | 2023-01-25 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in danynab movify-j. This vulnerability affects the function getByMovieId of the file app/business/impl/ReviewServiceImpl.java. The manipulation of the argument movieId/username leads to sql injection. The name of the patch is c3085e01936a4d7eff1eda3093f25d56cc4d2ec5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218476. | |||||
| CVE-2015-10020 | 1 Cis450project Project | 1 Cis450project | 2023-01-25 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in ssn2013 cis450Project and classified as critical. This vulnerability affects the function addUser of the file HeatMapServer/src/com/datformers/servlet/AddAppUser.java. The manipulation leads to sql injection. The name of the patch is 39b495011437a105c7670e17e071f99195b4922e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218380. | |||||
| CVE-2023-0305 | 1 Online Food Ordering System V2 Project | 1 Online Food Ordering System V2 | 2023-01-25 | N/A | 7.5 HIGH |
| A vulnerability classified as critical was found in SourceCodester Online Food Ordering System. This vulnerability affects unknown code of the file admin_class.php of the component Login Module. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-218386 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-0303 | 1 Online Food Ordering System V2 Project | 1 Online Food Ordering System V2 | 2023-01-25 | N/A | 7.5 HIGH |
| A vulnerability was found in SourceCodester Online Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file view_prod.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218384. | |||||
| CVE-2023-0304 | 1 Online Food Ordering System V2 Project | 1 Online Food Ordering System V2 | 2023-01-25 | N/A | 7.5 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Online Food Ordering System. This affects an unknown part of the file admin_class.php of the component Signup Module. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218385 was assigned to this vulnerability. | |||||
| CVE-2015-10066 | 1 Wuersch Project | 1 Wuersch | 2023-01-24 | N/A | 9.8 CRITICAL |
| A vulnerability was found in tynx wuersch and classified as critical. Affected by this issue is the function packValue/getByCustomQuery of the file backend/base/Store.class.php. The manipulation leads to sql injection. The name of the patch is 66d4718750a741d1053d327a79e285fd50372519. It is recommended to apply a patch to fix this issue. VDB-218462 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-22727 | 1 Cakephp | 1 Cakephp | 2023-01-24 | N/A | 9.8 CRITICAL |
| CakePHP is a development framework for PHP web apps. In affected versions the `Cake\Database\Query::limit()` and `Cake\Database\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP's Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue. | |||||
| CVE-2015-10056 | 1 Vinylmaps Project | 1 Vinylmaps | 2023-01-24 | N/A | 9.8 CRITICAL |
| A vulnerability was found in 2071174A vinylmap. It has been classified as critical. Affected is the function contact of the file recordstoreapp/views.py. The manipulation leads to sql injection. The name of the patch is b07b79a1e92cc62574ba0492cce000ef4a7bd25f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218400. | |||||
| CVE-2022-4447 | 1 Fontsy Project | 1 Fontsy | 2023-01-24 | N/A | 9.8 CRITICAL |
| The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | |||||
| CVE-2015-10064 | 1 Pokemon-database-php Project | 1 Pokemon-database-php | 2023-01-24 | N/A | 9.8 CRITICAL |
| A vulnerability was found in VictorFerraresi pokemon-database-php. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The name of the patch is dd0e1e6cdf648d6a3deff441f515bcb1d7573d68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218455. | |||||
| CVE-2014-125082 | 1 Redports Project | 1 Redports | 2023-01-24 | N/A | 9.8 CRITICAL |
| A vulnerability was found in nivit redports. It has been declared as critical. This vulnerability affects unknown code of the file redports-trac/redports/model.py. The manipulation leads to sql injection. The name of the patch is fc2c1ea1b8d795094abb15ac73cab90830534e04. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218464. | |||||
| CVE-2015-10055 | 1 Picturethiswebserver Project | 1 Picturethiswebserver | 2023-01-24 | N/A | 9.8 CRITICAL |
| A vulnerability was found in PictureThisWebServer and classified as critical. This issue affects the function router.post of the file routes/user.js. The manipulation of the argument username/password leads to sql injection. The name of the patch is 68b9dc346e88b494df00d88c7d058e96820e1479. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218399. | |||||
| CVE-2017-20171 | 1 Apersistence Project | 1 Apersistence | 2023-01-24 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in PrivateSky apersistence. This affects an unknown part of the file db/sql/mysqlUtils.js. The manipulation leads to sql injection. The name of the patch is 954425f61634b556fe644837a592a5b8fcfca068. It is recommended to apply a patch to fix this issue. The identifier VDB-218457 was assigned to this vulnerability. | |||||
| CVE-2014-125081 | 1 Debutsav Project | 1 Debutsav | 2023-01-24 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in risheesh debutsav. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is 7a8430df79277c613449262201cc792db894fc76. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218459. | |||||
| CVE-2015-10054 | 1 P2manage Project | 1 P2manage | 2023-01-24 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in githuis P2Manage. This affects the function Execute of the file PTwoManage/Database.cs. The manipulation of the argument sql leads to sql injection. The name of the patch is 717380aba80002414f82d93c770035198b7858cc. It is recommended to apply a patch to fix this issue. The identifier VDB-218397 was assigned to this vulnerability. | |||||
| CVE-2022-4547 | 1 Thedotstore | 1 Conditional Payment Methods For Woocommerce | 2023-01-24 | N/A | 7.2 HIGH |
| The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by [high privilege users such as admin|users with a role as low as admin. | |||||
| CVE-2023-0332 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-01-24 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file admin/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218472. | |||||
| CVE-2022-43462 | 1 Ip Blacklist Cloud Project | 1 Ip Blacklist Cloud | 2023-01-24 | N/A | 7.2 HIGH |
| Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions. | |||||
| CVE-2015-10060 | 1 Mnbikeways Database Project | 1 Mnbikeways Database | 2023-01-24 | N/A | 9.8 CRITICAL |
| A vulnerability was found in MNBikeways database and classified as critical. This issue affects some unknown processing of the file Data/views.py. The manipulation of the argument id1/id2 leads to sql injection. The name of the patch is 829a027aca7c17f5a7ec1addca8dd5d5542f86ac. It is recommended to apply a patch to fix this issue. The identifier VDB-218417 was assigned to this vulnerability. | |||||