Export limit exceeded: 345239 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18749 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18749 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27707 | 1 Dedecms | 1 Dedecms | 2025-02-26 | 7.2 High |
| SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint. | ||||
| CVE-2023-27569 | 1 Prestashop | 1 Eo Tags | 2025-02-26 | 9.8 Critical |
| The eo_tags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header. | ||||
| CVE-2023-27250 | 1 Online Book Store Project Project | 1 Online Book Store Project | 2025-02-26 | 9.8 Critical |
| Online Book Store Project v1.0 is vulnerable to SQL Injection via /bookstore/bookPerPub.php. | ||||
| CVE-2023-1474 | 1 Automatic Question Paper Generator System Project | 1 Automatic Question Paper Generator System | 2025-02-26 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. This vulnerability affects unknown code of the file users/question_papers/manage_question_paper.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223336. | ||||
| CVE-2024-3418 | 2 Argie, Sourcecodester | 2 Online Courseware, Online Courseware | 2025-02-26 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/deactivateteach.php. The manipulation of the argument selector leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259590 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-1545 | 1 Teampass | 1 Teampass | 2025-02-26 | 7.5 High |
| SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. | ||||
| CVE-2023-27570 | 1 Prestashop | 1 Eo Tags | 2025-02-26 | 9.8 Critical |
| The eo_tags package before 1.4.19 for PrestaShop allows SQL injection via a crafted _ga cookie. | ||||
| CVE-2023-1466 | 1 Oretnom23 | 1 Student Study Center Desk Management System | 2025-02-26 | 6.3 Medium |
| A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(SLEEP(5)))FWlC) AND 'butz'='butz leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223325 was assigned to this vulnerability. | ||||
| CVE-2023-1495 | 1 Ruifang-tech | 1 Rebuild | 2025-02-26 | 6.3 Medium |
| A vulnerability classified as critical was found in Rebuild up to 3.2.3. Affected by this vulnerability is the function queryListOfConfig of the file /admin/robot/approval/list. The manipulation of the argument q leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is c9474f84e5f376dd2ade2078e3039961a9425da7. It is recommended to apply a patch to fix this issue. The identifier VDB-223381 was assigned to this vulnerability. | ||||
| CVE-2023-1152 | 1 Utarit | 1 Persolus | 2025-02-26 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies Persolus allows SQL Injection. This issue affects Persolus: before 2.03.93. | ||||
| CVE-2023-25684 | 1 Ibm | 1 Security Key Lifecycle Manager | 2025-02-26 | 6.5 Medium |
| IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 247597. | ||||
| CVE-2023-26784 | 1 Tosec | 1 Kirin Fortress Machine | 2025-02-26 | 9.8 Critical |
| SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020-0610 allows attackers to execute arbitrary code via the /admin.php?controller=admin_commonuser parameter. | ||||
| CVE-2023-27037 | 1 Qibosoft | 1 Qibocms | 2025-02-26 | 8.8 High |
| Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php | ||||
| CVE-2023-27638 | 1 Tshirtecommerce | 1 Custom Product Designer | 2025-02-26 | 9.8 Critical |
| An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommerce_design_cart_id GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and updateCustomizationTable, which could lead to a SQL injection. This is exploited in the wild in March 2023. | ||||
| CVE-2023-27637 | 1 Tshirtecommerce | 1 Custom Product Designer | 2025-02-26 | 9.8 Critical |
| An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised product_id GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL injection. This is exploited in the wild in March 2023. | ||||
| CVE-2023-0631 | 1 Strangerstudios | 1 Paid Memberships Pro | 2025-02-26 | 8.8 High |
| The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query. | ||||
| CVE-2023-0630 | 1 Wp-slimstat | 1 Slimstat Analytics | 2025-02-26 | 8.8 High |
| The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query. | ||||
| CVE-2024-1301 | 1 Badgermeter | 1 Monitool | 2025-02-26 | 9.8 Critical |
| SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the j_username parameter and retrieve the information stored in the database. | ||||
| CVE-2024-2333 | 1 Codeastro | 1 Membership Management System | 2025-02-26 | 6.3 Medium |
| A vulnerability classified as critical has been found in CodeAstro Membership Management System 1.0. Affected is an unknown function of the file /add_members.php. The manipulation of the argument fullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256284. | ||||
| CVE-2023-7081 | 1 Postahsil | 1 Online Payment System | 2025-02-26 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSİL Online Payment System allows SQL Injection.This issue affects Online Payment System: before 14.02.2024. | ||||