Export limit exceeded: 19366 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19366 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36293 | 1 Wmanager | 1 Wmanager | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in wmanager v.1.0.7 and before allows a remote attacker to obtain sensitive information via a crafted script to the company.php component. | ||||
| CVE-2023-36213 | 1 Motocms | 1 Motocms | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function. | ||||
| CVE-2023-36189 | 1 Langchain | 1 Langchain | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component. | ||||
| CVE-2023-36076 | 1 Pocketmanga | 1 Smanga | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote attackers to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in php/history/add.php. | ||||
| CVE-2023-35924 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 8.6 High |
| GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory. | ||||
| CVE-2023-35851 | 1 Sun.net | 1 Wmpro | 2024-11-21 | 7.5 High |
| SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database. | ||||
| CVE-2023-35683 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-35132 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.3 Medium |
| A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions. | ||||
| CVE-2023-34635 | 1 Wifi-soft | 1 Unibox Administration | 2024-11-21 | 9.8 Critical |
| Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page. | ||||
| CVE-2023-34577 | 1 Planned Popup Project | 1 Planned Popup | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method. | ||||
| CVE-2023-34545 | 1 Cskaza | 1 Cszcms | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL. | ||||
| CVE-2023-34477 | 1 Braincert | 1 Virtual Classroom | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | ||||
| CVE-2023-34476 | 1 Mooj | 1 Proforms | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | ||||
| CVE-2023-34210 | 1 Easyuse | 1 Mailhunter Ultimate | 2024-11-21 | 7.7 High |
| SQL Injection in create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter. | ||||
| CVE-2023-33993 | 1 Sap | 1 Business One | 2024-11-21 | 7.1 High |
| B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. On successful exploitation, the attacker can cause high impact on confidentiality, integrity and availability of the application. | ||||
| CVE-2023-33852 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 7.6 High |
| IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614. | ||||
| CVE-2023-33666 | 1 Ai-dev | 1 Aioptimizedcombinations | 2024-11-21 | 9.8 Critical |
| ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | ||||
| CVE-2023-33665 | 1 Ai-dev | 1 Ai-table | 2024-11-21 | 9.8 Critical |
| ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | ||||
| CVE-2023-33664 | 1 Ai-dev | 1 Declinaisons A La Volee | 2024-11-21 | 8.8 High |
| ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | ||||
| CVE-2023-33663 | 1 Ai-dev | 1 Aicustomfee | 2024-11-21 | 9.8 Critical |
| In the module “Customization fields fee for your store” (aicustomfee) from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Release 0.2.1 fixed this security issue. | ||||