ReportizFlow
Filtered by vendor
Subscriptions
Total
16464 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31753 | 1 Endonesia | 1 Endonesia | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary SQL commands via the "rid=" parameter. | ||||
| CVE-2023-31719 | 1 Frangoteam | 1 Fuxa | 2024-11-21 | 9.8 Critical |
| FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin. | ||||
| CVE-2023-31717 | 1 Frangoteam | 1 Fuxa | 2024-11-21 | 7.5 High |
| A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database. | ||||
| CVE-2023-31714 | 1 Waqaskanju | 1 Chitor-cms | 2024-11-21 | 9.8 Critical |
| Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities. | ||||
| CVE-2023-31212 | 1 Crmperks | 1 Database For Contact Form 7\, Wpforms\, Elementor Forms | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through 1.3.0. | ||||
| CVE-2023-31171 | 1 Selinc | 1 Sel-5030 Acselerator Quickset | 2024-11-21 | 5.9 Medium |
| An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. | ||||
| CVE-2023-31092 | 1 Foxskav | 1 Easy Bet | 2024-11-21 | 5.5 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Foxskav Easy Bet.This issue affects Easy Bet: from n/a through 1.0.2. | ||||
| CVE-2023-31038 | 1 Apache | 1 Log4cxx | 2024-11-21 | 8.8 High |
| SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection. This has been the case since at least version 0.9.0(released 2003-08-06) Note that Log4cxx is a C++ framework, so only C++ applications are affected. Before version 1.1.0, the ODBC appender was automatically part of Log4cxx if the library was found when compiling the library. As of version 1.1.0, this must be both explicitly enabled in order to be compiled in. Three preconditions must be met for this vulnerability to be possible: 1. Log4cxx compiled with ODBC support(before version 1.1.0, this was auto-detected at compile time) 2. ODBCAppender enabled for logging messages to, generally done via a config file 3. User input is logged at some point. If your application does not have user input, it is unlikely to be affected. Users are recommended to upgrade to version 1.1.0 which properly binds the parameters to the SQL statement, or migrate to the new DBAppender class which supports an ODBC connection in addition to other databases. Note that this fix does require a configuration file update, as the old configuration files will not configure properly. An example is shown below, and more information may be found in the Log4cxx documentation on the ODBCAppender. Example of old configuration snippet: <appender name="SqlODBCAppender" class="ODBCAppender"> <param name="sql" value="INSERT INTO logs (message) VALUES ('%m')" /> ... other params here ... </appender> The migrated configuration snippet with new ColumnMapping parameters: <appender name="SqlODBCAppender" class="ODBCAppender"> <param name="sql" value="INSERT INTO logs (message) VALUES (?)" /> <param name="ColumnMapping" value="message"/> ... other params here ... </appender> | ||||
| CVE-2023-30944 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 5.6 Medium |
| The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database. | ||||
| CVE-2023-30867 | 1 Apache | 1 Streampark | 2024-11-21 | 4.9 Medium |
| In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. The sql syntax :select * from table where jobName like '%jobName%'. However, the jobName field may receive illegal parameters, leading to SQL injection. This could potentially result in information leakage. Mitigation: Users are recommended to upgrade to version 2.1.2, which fixes the issue. | ||||
| CVE-2023-30750 | 1 Cminds | 1 Cm Popup | 2024-11-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10. | ||||
| CVE-2023-30495 | 1 Themefic | 1 Ultimate Addons For Contact Form 7 | 2024-11-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Ultimate Addons for Contact Form 7.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.1.23. | ||||
| CVE-2023-30415 | 1 Oretnom23 | 1 Packers And Movers Management System | 2024-11-21 | 9.8 Critical |
| Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php. | ||||
| CVE-2023-30325 | 1 Chatengine Project | 1 Chatengine | 2024-11-21 | 7.5 High |
| SQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0, allows attackers to gain sensitive information. | ||||
| CVE-2023-30323 | 1 Chatengine Project | 1 Chatengine | 2024-11-21 | 7.5 High |
| SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information. | ||||
| CVE-2023-30154 | 1 Shoprunners | 1 Aftermail | 2024-11-21 | 9.8 Critical |
| Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php via the 'id_product' parameter in hooks DisplayRightColumnProduct and DisplayProductButtons. | ||||
| CVE-2023-30153 | 1 Prestashop | 1 Payplug | 2024-11-21 | 9.8 Critical |
| An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller. | ||||
| CVE-2023-30058 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | 9.8 Critical |
| novel-plus 3.6.2 is vulnerable to SQL Injection. | ||||
| CVE-2023-2963 | 1 Olivaekspertiz | 1 Oliva Ekspertiz | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection.This issue affects Oliva Expertise EKS: before 1.2. | ||||
| CVE-2023-2962 | 1 Faculty Evaluation System Project | 1 Faculty Evaluation System | 2024-11-21 | 4.7 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Faculty Evaluation System 1.0. Affected by this issue is some unknown functionality of the file index.php?page=edit_user. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230150 is the identifier assigned to this vulnerability. | ||||