Search Results (19368 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46981 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list. | ||||
| CVE-2023-46956 | 1 Oretnom23 | 1 Packers And Movers Management System | 2024-11-21 | 7.2 High |
| SQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker to execute arbitrary code via crafted payload to the /mpms/admin/?page=user/manage_user&id file. | ||||
| CVE-2023-46954 | 1 Relativity | 1 Relativityone | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter. | ||||
| CVE-2023-46914 | 1 Bookingcalendar Project | 1 Bookingcalendar | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php. | ||||
| CVE-2023-46800 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-11-21 | 9.8 Critical |
| Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the view_profile.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-46793 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-11-21 | 9.8 Critical |
| Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'day' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-46789 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-11-21 | 9.8 Critical |
| Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-46788 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-11-21 | 9.8 Critical |
| Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter in the 'uploadphoto()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-46787 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-11-21 | 9.8 Critical |
| Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-46785 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-11-21 | 9.8 Critical |
| Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partner_preference.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-46727 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 8.6 High |
| GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory. | ||||
| CVE-2023-46700 | 1 Luxsoft | 1 Luxcal Web Calendar | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information stored in the database. | ||||
| CVE-2023-46679 | 1 Projectworlds | 1 Online Job Portal | 2024-11-21 | 9.8 Critical |
| Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname_email' parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-46677 | 1 Projectworlds | 1 Online Job Portal | 2024-11-21 | 9.8 Critical |
| Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname' parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-46584 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint. | ||||
| CVE-2023-46582 | 1 Code-projects | 1 Inventory Management | 2024-11-21 | 7.8 High |
| SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary SQL commands via the id parameter in the deleteProduct.php component. | ||||
| CVE-2023-46581 | 1 Code-projects | 1 Inventory Management | 2024-11-21 | 5.5 Medium |
| SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary code via the name, uname and email parameters in the registration.php component. | ||||
| CVE-2023-46575 | 1 Layer5 | 1 Meshery | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter. | ||||
| CVE-2023-46490 | 1 Cacti | 1 Cacti | 2024-11-21 | 6.5 Medium |
| SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function. | ||||
| CVE-2023-46482 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component. | ||||