Total
15771 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33924 | 1 Felixwelberg | 1 Sis Handball | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Felix Welberg SIS Handball allows SQL Injection.This issue affects SIS Handball: from n/a through 1.0.45. | |||||
| CVE-2023-33852 | 1 Ibm | 1 Security Guardium | 2024-11-21 | N/A | 7.6 HIGH |
| IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614. | |||||
| CVE-2023-33817 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | N/A | 8.8 HIGH |
| hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2023-33666 | 1 Ai-dev | 1 Aioptimizedcombinations | 2024-11-21 | N/A | 9.8 CRITICAL |
| ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | |||||
| CVE-2023-33665 | 1 Ai-dev | 1 Ai-table | 2024-11-21 | N/A | 9.8 CRITICAL |
| ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | |||||
| CVE-2023-33664 | 1 Ai-dev | 1 Declinaisons A La Volee | 2024-11-21 | N/A | 8.8 HIGH |
| ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | |||||
| CVE-2023-33663 | 1 Ai-dev | 1 Aicustomfee | 2024-11-21 | N/A | 9.8 CRITICAL |
| In the module “Customization fields fee for your store” (aicustomfee) from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Release 0.2.1 fixed this security issue. | |||||
| CVE-2023-33592 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information. | |||||
| CVE-2023-33584 | 1 Enrollment System Project | 1 Enrollment System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code. | |||||
| CVE-2023-33481 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | N/A | 9.8 CRITICAL |
| RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php. | |||||
| CVE-2023-33479 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | N/A | 9.8 CRITICAL |
| RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file. | |||||
| CVE-2023-33478 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | N/A | 9.8 CRITICAL |
| RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php. | |||||
| CVE-2023-33367 | 1 Assaabloy | 1 Control Id Idsecure | 2024-11-21 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution. | |||||
| CVE-2023-33366 | 1 Supremainc | 1 Biostar 2 | 2024-11-21 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands. | |||||
| CVE-2023-33331 | 1 Woo | 1 Product Vendors | 2024-11-21 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.76. | |||||
| CVE-2023-33330 | 1 Woocommerce | 1 Automatewoo | 2024-11-21 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.50. | |||||
| CVE-2023-33209 | 1 Crawlspider | 1 Seo Change Monitor | 2024-11-21 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CrawlSpider SEO Change Monitor – Track Website Changes.This issue affects SEO Change Monitor – Track Website Changes: from n/a through 1.2. | |||||
| CVE-2023-33180 | 1 Xibosignage | 1 Xibo | 2024-11-21 | N/A | 6.5 MEDIUM |
| Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.2 in the `/display/map` API route inside the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values in to the `bounds` parameter. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading. | |||||
| CVE-2023-33179 | 1 Xibosignage | 1 Xibo | 2024-11-21 | N/A | 6.5 MEDIUM |
| Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.5 in the `nameFilter` function used throughout the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values for logical operators. Users should upgrade to version 3.3.5 which fixes this issue. There are no known workarounds aside from upgrading. | |||||
| CVE-2023-33178 | 1 Xibosignage | 1 Xibo | 2024-11-21 | N/A | 6.5 MEDIUM |
| Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `/dataset/data/{id}` API route inside the CMS starting in version 1.4.0 and prior to versions 2.3.17 and 3.3.5. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values in to the `filter` parameter. Values allowed in the filter parameter are checked against a deny list of commands that should not be allowed, however this checking was done in a case sensitive manor and so it is possible to bypass these checks by using unusual case combinations. Users should upgrade to version 2.3.17 or 3.3.5, which fix this issue. There are no workarounds aside from upgrading. | |||||