Export limit exceeded: 18871 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18871 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2046 | 1 Yontemizleme | 1 Vehicle Tracking System | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yontem Informatics Vehicle Tracking System allows SQL Injection.This issue affects Vehicle Tracking System: before 8. | ||||
| CVE-2023-2043 | 1 Assaabloy | 1 Control Id Rhid | 2024-11-21 | 6.3 Medium |
| A vulnerability, which was classified as problematic, was found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/customerdb/operator.svc/a of the component Edit Handler. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-225921 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2040 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical has been found in novel-plus 3.6.2. Affected is an unknown function of the file /news/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225918 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2038 | 1 Campcodes Video Sharing Website Project | 1 Campcodes Video Sharing Website | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in Campcodes Video Sharing Website 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin_class.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225916. | ||||
| CVE-2023-2036 | 1 Campcodes Video Sharing Website Project | 1 Campcodes Video Sharing Website | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in Campcodes Video Sharing Website 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file upload.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225914 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-2035 | 1 Campcodes Video Sharing Website Project | 1 Campcodes Video Sharing Website | 2024-11-21 | 6.3 Medium |
| A vulnerability has been found in Campcodes Video Sharing Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file signup.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225913 was assigned to this vulnerability. | ||||
| CVE-2023-29597 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 8.8 High |
| bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1. | ||||
| CVE-2023-29095 | 1 Carrcommunications | 1 Rsvpmaker | 2024-11-21 | 7.6 High |
| Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions. | ||||
| CVE-2023-28329 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.3 Medium |
| Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers). | ||||
| CVE-2023-28019 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | 5.5 Medium |
| Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. | ||||
| CVE-2023-27846 | 1 Themevolty | 1 Theme Volty Cms Blog | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allow a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon, tvcmstestimonial components. | ||||
| CVE-2023-27845 | 1 Kerawen | 1 Omnichannel Stocks | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allow a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo, and KerawenHelper::resetCheckoutSessionData components. | ||||
| CVE-2023-27262 | 1 Idattend | 1 Idweb | 2024-11-21 | 9.8 Critical |
| Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
| CVE-2023-27260 | 1 Idattend | 1 Idweb | 2024-11-21 | 9.8 Critical |
| Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
| CVE-2023-27255 | 1 Idattend | 1 Idweb | 2024-11-21 | 9.8 Critical |
| Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
| CVE-2023-27254 | 1 Idattend | 1 Idweb | 2024-11-21 | 9.8 Critical |
| Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
| CVE-2023-27074 | 1 Phpgurukul | 1 Bp Monitoring Management System | 2024-11-21 | 9.8 Critical |
| BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page. | ||||
| CVE-2023-26959 | 1 Phpgurukul | 1 Park Ticketing Management System | 2024-11-21 | 9.8 Critical |
| Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter. | ||||
| CVE-2023-26861 | 1 Vivawallet | 1 Viva Wallet | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attacker to gain privileges via the vivawallet() module. | ||||
| CVE-2023-26859 | 1 Brevo | 1 Brevo | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allow a remote attacker to gain privileges via the ajaxOrderTracking.php component. | ||||