Total: 16484 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-38905 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 5.5 Medium |
SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions. | ||||
CVE-2023-38899 | 1 Berkaygediz | 1 O Blog | 2024-11-21 | 7.8 High |
SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component. | ||||
CVE-2023-38891 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 8.8 High |
SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php. | ||||
CVE-2023-38890 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-21 | 8.8 High |
Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks. | ||||
CVE-2023-38870 | 1 Economizzer | 1 Economizzer | 2024-11-21 | 9.8 Critical |
A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is vulnerable to SQL Injection. | ||||
CVE-2023-38839 | 1 Kidus | 1 Minimati | 2024-11-21 | 7.5 High |
SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via theID parameter in the fulldelete.php component. | ||||
CVE-2023-38838 | 1 Kiduswb | 1 Minimati | 2024-11-21 | 7.5 High |
SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via the edit.php component. | ||||
CVE-2023-38825 | | | 2024-11-21 | 9.8 Critical |
SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php. | ||||
CVE-2023-38773 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php. | ||||
CVE-2023-38771 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php. | ||||
CVE-2023-38770 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php. | ||||
CVE-2023-38769 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php. | ||||
CVE-2023-38768 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php. | ||||
CVE-2023-38767 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php. | ||||
CVE-2023-38765 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php. | ||||
CVE-2023-38764 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. | ||||
CVE-2023-38763 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 6.5 Medium |
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. | ||||
CVE-2023-38762 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. | ||||
CVE-2023-38760 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. | ||||
CVE-2023-38519 | 1 Mainwp | 1 Mainwp Dashboard | 2024-11-21 | 7.6 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance. This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3. |