Total: 15600 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-25045 | 1 Carrcommunications | 1 Rsvpmaker | 2024-11-21 | N/A | 6.7 MEDIUM |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection. This issue affects RSVPMaker: from n/a through 9.9.3. | |||||
CVE-2023-24840 | 1 Hgiga | 1 Oaklouds Mailsherlock | 2024-11-21 | N/A | 7.2 HIGH |
The HGiga MailSherlock mail query function insufficiently validates user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database. | |||||
CVE-2023-24812 | 1 Misskey | 1 Misskey | 2024-11-21 | N/A | 8.8 HIGH |
Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag (notes/search-by-tag). This has been fixed in version 13.3.3. Users are advised to upgrade. Users unable to upgrade should block access to the `api/notes/search-by-tag` endpoint. | |||||
CVE-2023-24788 | 1 Notrinos | 1 Notrinoserp | 2024-11-21 | N/A | 8.8 HIGH |
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php. | |||||
CVE-2023-24726 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page. | |||||
CVE-2023-24643 | 1 Judging Management System Project | 1 Judging Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php. | |||||
CVE-2023-24258 | 1 Spip | 1 Spip | 2024-11-21 | N/A | 9.8 CRITICAL |
SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request. | |||||
CVE-2023-24253 | 1 Domoticalabs | 1 Ikon Server | 2024-11-21 | N/A | 9.8 CRITICAL |
Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain a SQL injection vulnerability. | |||||
CVE-2023-24206 | 1 Davinci Project | 1 Davinci | 2024-11-21 | N/A | 9.8 CRITICAL |
Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function. | |||||
CVE-2023-24000 | 1 Gamipress | 1 Gamipress | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection. This issue affects GamiPress: from n/a through 2.5.7. | |||||
CVE-2023-23991 | | | 2024-11-21 | N/A | 7.6 HIGH |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection. This issue affects Booking Calendar: from n/a through 9.4.3. | |||||
CVE-2023-23824 | 1 Wp Topbar Project | 1 Wp Topbar | 2024-11-21 | N/A | 6.7 MEDIUM |
Auth. SQL Injection (SQLi) vulnerability in WP-TopBar <= 5.36 versions. | |||||
CVE-2023-23758 | 1 Creative-solutions | 1 Creative Gallery | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
CVE-2023-23757 | 1 Bestaddon | 1 Bestaddon Gallery | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
CVE-2023-23737 | 1 Managewp | 1 Broken Link Checker | 2024-11-21 | N/A | 9.3 CRITICAL |
Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions. | |||||
CVE-2023-23660 | 1 Mainwp | 1 Mainwp Maintenance Extension | 2024-11-21 | N/A | 8.5 HIGH |
Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP MainWP Maintenance Extension plugin <= 4.1.1 versions. | |||||
CVE-2023-23651 | 1 Mainwp | 1 Mainwp Google Analytics Extension | 2024-11-21 | N/A | 8.5 HIGH |
Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Google Analytics Extension plugin <= 4.0.4 versions. | |||||
CVE-2023-23634 | 1 Documize | 1 Documize | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint. | |||||
CVE-2023-23563 | 1 Geomatika | 1 Isigeo Web | 2024-11-21 | N/A | 6.5 MEDIUM |
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain sensitive database content via SQL Injection. | |||||
CVE-2023-23315 | 1 Stripe | 1 Stripe Payment Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. The method `stripejsValidationModuleFrontController::initContent()` has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection. |