Total: 16485 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-42405 | 1 Fit2cloud | 1 Rackshift | 2024-11-21 | 9.8 Critical |
SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary code via the `sort` parameter to taskService.list(), bareMetalService.list(), and switchService.list(). | ||||
CVE-2023-42359 | 1 Exam Form Submission In Php With Source Code Project | 1 Exam Form Submission In Php With Source Code | 2024-11-21 | 9.8 Critical |
SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php. | ||||
CVE-2023-42284 | 1 Tyk | 1 Tyk | 2024-11-21 | 9.8 Critical |
Blind SQL injection in the api_version parameter in Tyk Gateway version 5.0.3 allows an attacker to access and dump the database via a crafted SQL query. | ||||
CVE-2023-42283 | 1 Tyk | 1 Tyk | 2024-11-21 | 9.8 Critical |
Blind SQL injection in the api_id parameter in Tyk Gateway version 5.0.3 allows an attacker to access and dump the database via a crafted SQL query. | ||||
CVE-2023-42279 | 1 Iteachyou | 1 Dreamer Cms | 2024-11-21 | 9.8 Critical |
Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form. | ||||
CVE-2023-42268 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 9.8 Critical |
Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show. | ||||
CVE-2023-42178 | 1 Lenosp | 1 Lenosp | 2024-11-21 | 6.5 Medium |
Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module. | ||||
CVE-2023-41891 | 1 Flyte | 1 Flyteadmin | 2024-11-21 | 3.5 Low |
FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue. | ||||
CVE-2023-41887 | 1 Openrefine | 1 Openrefine | 2024-11-21 | 9.8 Critical |
OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue. | ||||
CVE-2023-41886 | 1 Openrefine | 1 Openrefine | 2024-11-21 | 7.5 High |
OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue. | ||||
CVE-2023-41685 | 1 Ilghera | 1 Woocommerce Support System | 2024-11-21 | 9.8 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ilGhera Woocommerce Support System allows SQL Injection. This issue affects Woocommerce Support System: from n/a through 1.2.1. | ||||
CVE-2023-41652 | 1 Carrcommunications | 1 Rsvpmaker | 2024-11-21 | 9.8 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection. This issue affects RSVPMaker: from n/a through 10.6.6. | ||||
CVE-2023-41640 | 1 Grupposcai | 1 Realgimm | 2024-11-21 | 8.8 High |
An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query. | ||||
CVE-2023-41636 | 1 Grupposcai | 1 Realgimm | 2024-11-21 | 9.8 Critical |
A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query. | ||||
CVE-2023-41623 | 1 Emlog | 1 Emlog | 2024-11-21 | 7.2 High |
Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php. | ||||
CVE-2023-41615 | 1 Phpgurukul | 1 Zoo Management System | 2024-11-21 | 9.8 Critical |
Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page via the username and password fields. | ||||
CVE-2023-41594 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2024-11-21 | 7.5 High |
Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters. | ||||
CVE-2023-41543 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 9.8 Critical |
SQL injection vulnerability in jeecg-boot v3.5.3 allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check. | ||||
CVE-2023-41542 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 9.8 Critical |
SQL injection vulnerability in jeecg-boot version 3.5.3 allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component. | ||||
CVE-2023-41539 | 1 Phpjabbers | 1 Business Directory Script | 2024-11-21 | 7.5 High |
phpjabbers Business Directory Script 3.2 is vulnerable to SQL Injection via the column parameter. |