ReportizFlow
Filtered by vendor
Subscriptions
Total
16485 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40933 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function. | ||||
| CVE-2023-40931 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.5 Medium |
| A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php | ||||
| CVE-2023-40923 | 1 Myprestamodules | 1 Orders \(csv\, Excel\) Export | 2024-11-21 | 8.8 High |
| MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters. | ||||
| CVE-2023-40922 | 1 Kerawen | 1 Kerawen | 2024-11-21 | 9.8 Critical |
| kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent(). | ||||
| CVE-2023-40921 | 1 Common-services | 1 Soliberte | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters. | ||||
| CVE-2023-40920 | 1 Prixan | 1 Prixanconnect | 2024-11-21 | 9.8 Critical |
| Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts(). | ||||
| CVE-2023-40852 | 1 User Registration \& Login And User Management System With Admin Panel Project | 1 User Registration \& Login And User Management System With Admin Panel | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via crafted string in the admin user name field on the admin log in page. | ||||
| CVE-2023-40787 | 1 Bladex | 1 Springblade | 2024-11-21 | 9.8 Critical |
| In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection. | ||||
| CVE-2023-40771 | 1 Dataease | 1 Dataease | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function. | ||||
| CVE-2023-40749 | 1 Phpjabbers | 1 Food Delivery Script | 2024-11-21 | 9.8 Critical |
| PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the "column" parameter of index.php. | ||||
| CVE-2023-40748 | 1 Phpjabbers | 1 Food Delivery Script | 2024-11-21 | 9.8 Critical |
| PHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) vulnerability in the "q" parameter of index.php. | ||||
| CVE-2023-40629 | 1 King-products | 1 Lms King Lite | 2024-11-21 | 9.8 Critical |
| SQLi vulnerability in LMS Lite component for Joomla. | ||||
| CVE-2023-40609 | 1 Rocklobster | 1 Contact Form 7 Custom Validation | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection.This issue affects Contact form 7 Custom validation: from n/a through 1.1.3. | ||||
| CVE-2023-40254 | 1 Genians | 2 Genian Nac, Genian Ztna | 2024-11-21 | 7.5 High |
| Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. | ||||
| CVE-2023-40215 | 1 Superwhite | 1 Demon Image Annotation | 2024-11-21 | 7.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotation: from n/a through 5.1. | ||||
| CVE-2023-40207 | 1 Rednao | 1 Donations Made Easy - Smart Donations | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedNao Donations Made Easy – Smart Donations allows SQL Injection.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. | ||||
| CVE-2023-40056 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 8 High |
| SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account. | ||||
| CVE-2023-40046 | 1 Progress | 1 Ws Ftp Server | 2024-11-21 | 8.2 High |
| In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements. | ||||
| CVE-2023-3985 | 1 Online Jewelry Store Project | 1 Online Jewelry Store | 2024-11-21 | 7.3 High |
| A vulnerability has been found in SourceCodester Online Jewelry Store 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235606 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-3983 | 1 Advantech | 1 Iview | 2024-11-21 | 8.8 High |
| An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection. | ||||