Total
15957 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-46954 | 1 Relativity | 1 Relativityone | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter. | |||||
CVE-2023-46914 | 1 Bookingcalendar Project | 1 Bookingcalendar | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php. | |||||
CVE-2023-46821 | 1 Dev4press | 1 Gd Security Headers | 2024-11-21 | N/A | 7.2 HIGH |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Security Headers allows auth. (admin+) SQL Injection. This issue affects GD Security Headers: from n/a through 1.7. | |||||
CVE-2023-46727 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 8.6 HIGH |
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory. | |||||
CVE-2023-46700 | 1 Luxsoft | 1 Luxcal Web Calendar | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information stored in the database. | |||||
CVE-2023-46584 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint. | |||||
CVE-2023-46582 | 1 Code-projects | 1 Inventory Management | 2024-11-21 | N/A | 7.8 HIGH |
SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary SQL commands via the id parameter in the deleteProduct.php component. | |||||
CVE-2023-46581 | 1 Code-projects | 1 Inventory Management | 2024-11-21 | N/A | 5.5 MEDIUM |
SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary code via the name, uname and email parameters in the registration.php component. | |||||
CVE-2023-46575 | 1 Layer5 | 1 Meshery | 2024-11-21 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter. | |||||
CVE-2023-46490 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A | 6.5 MEDIUM |
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function. | |||||
CVE-2023-46482 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component. | |||||
CVE-2023-46435 | 1 Oretnom23 | 1 Packers And Movers Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id. | |||||
CVE-2023-46358 | 1 Snegurka | 1 Referralbyphone | 2024-11-21 | N/A | 9.8 CRITICAL |
In the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Method `ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
CVE-2023-46357 | 1 Myprestamodules | 1 Cross Selling In Modal Cart | 2024-11-21 | N/A | 9.8 CRITICAL |
In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
CVE-2023-46356 | 1 Blmodules | 1 Csv Feeds Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method `SearchApiCsv::getProducts()` has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
CVE-2023-46353 | 1 Mypresta | 1 Product Tag Icons Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method `TiconProduct::getTiconByProductAndTicon()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
CVE-2023-46349 | 1 Myprestamodules | 1 Updateproducts | 2024-11-21 | N/A | 9.8 CRITICAL |
In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
CVE-2023-46348 | 1 Sunnytoo | 1 Sturls | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods. | |||||
CVE-2023-46347 | 1 Ndkdesign | 1 Ndk Steppingpack | 2024-11-21 | N/A | 9.8 CRITICAL |
In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
CVE-2023-46084 | 1 Bplugins | 1 Icons Font Loader | 2024-11-21 | N/A | 8.8 HIGH |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection. This issue affects Icons Font Loader: from n/a through 1.1.2. |