Total: 9311 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27213 | 1 Online Student Management System Project | 1 Online Student Management System | 2023-03-12 | N/A | 9.8 CRITICAL |
Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php. | |||||
CVE-2023-27214 | 1 Online Student Management System Project | 1 Online Student Management System | 2023-03-12 | N/A | 9.8 CRITICAL |
Online Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the fromdate and todate parameters at /eduauth/student/between-date-reprtsdetails.php. | |||||
CVE-2023-27205 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2023-03-12 | N/A | 9.8 CRITICAL |
Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php. | |||||
CVE-2023-27207 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2023-03-12 | N/A | 9.8 CRITICAL |
Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. | |||||
CVE-2023-27204 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2023-03-12 | N/A | 9.8 CRITICAL |
Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php. | |||||
CVE-2023-27203 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2023-03-12 | N/A | 9.8 CRITICAL |
Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /billing/home.php. | |||||
CVE-2023-27202 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2023-03-12 | N/A | 9.8 CRITICAL |
Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php. | |||||
CVE-2023-24763 | 1 Prestashop | 1 Xen Forum | 2023-03-10 | N/A | 8.8 HIGH |
In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated user can perform SQL injection in versions up to 2.13.0. | |||||
CVE-2023-24789 | 1 Jeecg | 1 Jeecg | 2023-03-10 | N/A | 8.8 HIGH |
jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. | |||||
CVE-2023-1211 | 1 Phpipam | 1 Phpipam | 2023-03-10 | N/A | 7.2 HIGH |
SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2. | |||||
CVE-2023-1165 | 1 Crmeb | 1 Crmeb | 2023-03-10 | N/A | 7.2 HIGH |
A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier VDB-222261 was assigned to this vulnerability. | |||||
CVE-2022-46501 | 1 Accruent | 1 Maintenance Connection | 2023-03-10 | N/A | 9.8 CRITICAL |
Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function. | |||||
CVE-2023-1130 | 1 Computer Parts Sales And Inventory System Project | 1 Computer Parts Sales And Inventory System | 2023-03-10 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file processlogin. The manipulation of the argument user leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222105 was assigned to this vulnerability. | |||||
CVE-2023-1151 | 1 Electronic Medical Records System Project | 1 Electronic Medical Records System | 2023-03-10 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Electronic Medical Records System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file administrator.php of the component Cookie Handler. The manipulation of the argument userid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222163. | |||||
CVE-2023-0953 | 1 Devolutions | 1 Devolutions Server | 2023-03-10 | N/A | 8.8 HIGH |
Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources. | |||||
CVE-2023-26780 | 1 Yf-exam Project | 1 Yf-exam | 2023-03-09 | N/A | 9.8 CRITICAL |
CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection. | |||||
CVE-2021-3854 | 1 Glox | 1 Useroam Hotspot | 2023-03-09 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5.1.0.15. | |||||
CVE-2023-23315 | 1 Stripe | 1 Stripe Payment Pro | 2023-03-09 | N/A | 9.8 CRITICAL |
The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. The method `stripejsValidationModuleFrontController::initContent()` has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection. | |||||
CVE-2023-24642 | 1 Judging Management System Project | 1 Judging Management System | 2023-03-09 | N/A | 9.8 CRITICAL |
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateTxtview.php. | |||||
CVE-2023-24641 | 1 Judging Management System Project | 1 Judging Management System | 2023-03-09 | N/A | 9.8 CRITICAL |
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php. |