Total: 18413 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46358 | 1 Snegurka | 1 Referralbyphone | 2024-11-21 | 9.8 Critical |
| In the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Method `ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | ||||
| CVE-2023-46357 | 1 Myprestamodules | 1 Cross Selling In Modal Cart | 2024-11-21 | 9.8 Critical |
| In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | ||||
| CVE-2023-46356 | 1 Blmodules | 1 Csv Feeds Pro | 2024-11-21 | 9.8 Critical |
| In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method `SearchApiCsv::getProducts()` has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection. | ||||
| CVE-2023-46348 | 1 Sunnytoo | 1 Sturls | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in SunnyToo sturls before version 1.1.13 allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods. | ||||
| CVE-2023-46347 | 1 Ndkdesign | 1 Ndk Steppingpack | 2024-11-21 | 9.8 Critical |
| In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | ||||
| CVE-2023-46084 | 1 Bplugins | 1 Icons Font Loader | 2024-11-21 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection. This issue affects Icons Font Loader: from n/a through 1.1.2. | ||||
| CVE-2023-46025 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2024-11-21 | 4.9 Medium |
| SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the 'editid' parameter. | ||||
| CVE-2023-46024 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2024-11-21 | 7.5 High |
| SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter. | ||||
| CVE-2023-46023 | 1 Code-projects | 1 Simple Task List | 2024-11-21 | 6.5 Medium |
| SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter. | ||||
| CVE-2023-46022 | 1 Code-projects | 1 Blood Bank | 2024-11-21 | 7.8 High |
| SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'bid' parameter. | ||||
| CVE-2023-46021 | 1 Code-projects | 1 Blood Bank | 2024-11-21 | 5.5 Medium |
| SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary commands via the 'reqid' parameter. | ||||
| CVE-2023-46018 | 1 Code-projects | 1 Blood Bank | 2024-11-21 | 5.5 Medium |
| SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' parameter. | ||||
| CVE-2023-46017 | 1 Code-projects | 1 Blood Bank | 2024-11-21 | 5.5 Medium |
| SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' and 'rpassword' parameters. | ||||
| CVE-2023-46014 | 1 Code-projects | 1 Blood Bank | 2024-11-21 | 5.5 Medium |
| SQL Injection vulnerability in hospitalLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'hemail' and 'hpassword' parameters. | ||||
| CVE-2023-46007 | 1 Mayurik | 1 Best Courier Management System | 2024-11-21 | 9.8 Critical |
| Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php. | ||||
| CVE-2023-46006 | 1 Mayurik | 1 Best Courier Management System | 2024-11-21 | 9.8 Critical |
| Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php. | ||||
| CVE-2023-46005 | 1 Mayurik | 1 Best Courier Management System | 2024-11-21 | 9.8 Critical |
| Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php. | ||||
| CVE-2023-45996 | 1 Slims | 2 Senayan Library Management System, Senayan Library Management System Bulian | 2024-11-21 | 8.8 High |
| SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php. | ||||
| CVE-2023-45951 | 1 Lylme | 1 Lylme Spage | 2024-11-21 | 9.8 Critical |
| lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php. | ||||
| CVE-2023-45830 | 1 Adaplugin | 1 Accessibility Suite By Online Ada | 2024-11-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility Suite by Online ADA: from n/a through 4.12. | ||||