Export limit exceeded: 35533 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19368 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4092 | 1 Fujitsu | 1 Arconte Aurea | 2024-11-21 | 8.8 High |
| SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system. | ||||
| CVE-2023-4037 | 1 Setelsa-security | 1 Conacwin | 2024-11-21 | 9.9 Critical |
| Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter. | ||||
| CVE-2023-49708 | 1 Joomstar | 1 Starshop | 2024-11-21 | 9.8 Critical |
| SQLi vulnerability in Starshop component for Joomla. | ||||
| CVE-2023-49707 | 1 Joomlart | 1 S5 Register | 2024-11-21 | 9.8 Critical |
| SQLi vulnerability in S5 Register module for Joomla. | ||||
| CVE-2023-49689 | 1 Kashipara | 1 Job Portal | 2024-11-21 | 9.8 Critical |
| Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'JobId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-49688 | 1 Kashipara | 1 Job Portal | 2024-11-21 | 9.8 Critical |
| Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtUser' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-49681 | 1 Kashipara | 1 Job Portal | 2024-11-21 | 9.8 Critical |
| Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-49677 | 1 Kashipara | 1 Job Portal | 2024-11-21 | 9.8 Critical |
| Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-49581 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 4.1 Medium |
| SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability. | ||||
| CVE-2023-49429 | 1 Tenda | 2 Ax9, Ax9 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules. | ||||
| CVE-2023-49371 | 1 Ruoyi | 1 Ruoyi | 2024-11-21 | 9.8 Critical |
| RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. | ||||
| CVE-2023-49363 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 9.8 Critical |
| Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php. | ||||
| CVE-2023-49030 | 1 32ns | 1 Klive | 2024-11-21 | 7.5 High |
| SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component. | ||||
| CVE-2023-48987 | 1 Cusg | 1 Content Management System | 2024-11-21 | 7.5 High |
| Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component. | ||||
| CVE-2023-48925 | 1 Buy-addons | 1 Bavideotab | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run(). | ||||
| CVE-2023-48893 | 1 Slims | 1 Senayan Library Management System Bulian | 2024-11-21 | 8.8 High |
| SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate. | ||||
| CVE-2023-48823 | 1 Mayurik | 1 Courier Management System | 2024-11-21 | 9.8 Critical |
| A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login. | ||||
| CVE-2023-48813 | 1 Slims | 1 Senayan Library Management System Bulian | 2024-11-21 | 8.8 High |
| Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. | ||||
| CVE-2023-48722 | 1 Phpgurukul | 1 Student Result Management System | 2024-11-21 | 9.8 Critical |
| Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-48720 | 1 Phpgurukul | 1 Student Result Management System | 2024-11-21 | 9.8 Critical |
| Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||