Search Results (18849 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-48987 | 1 Cusg | 1 Content Management System | 2024-11-21 | 7.5 High |
| Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component. | ||||
| CVE-2023-48925 | 1 Buy-addons | 1 Bavideotab | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run(). | ||||
| CVE-2023-48893 | 1 Slims | 1 Senayan Library Management System Bulian | 2024-11-21 | 8.8 High |
| SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate. | ||||
| CVE-2023-48823 | 1 Mayurik | 1 Courier Management System | 2024-11-21 | 9.8 Critical |
| A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login. | ||||
| CVE-2023-48813 | 1 Slims | 1 Senayan Library Management System Bulian | 2024-11-21 | 8.8 High |
| Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. | ||||
| CVE-2023-48722 | 1 Phpgurukul | 1 Student Result Management System | 2024-11-21 | 9.8 Critical |
| Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-48720 | 1 Phpgurukul | 1 Student Result Management System | 2024-11-21 | 9.8 Critical |
| Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-48716 | 1 Projectworlds | 1 Student Result Management System | 2024-11-21 | 9.8 Critical |
| Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-48687 | 1 Projectworlds | 1 Railway Reservation System | 2024-11-21 | 9.8 Critical |
| Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-48685 | 1 Projectworlds | 1 Railway Reservation System | 2024-11-21 | 9.8 Critical |
| Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-48434 | 1 Projectworlds | 1 Online Voting System Project | 2024-11-21 | 9.8 Critical |
| Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the reg_action.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-48433 | 1 Projectworlds | 1 Online Voting System Project | 2024-11-21 | 9.8 Critical |
| Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the login_action.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-48384 | 1 Armorxgt | 1 Spamtrap | 2024-11-21 | 9.8 Critical |
| ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. | ||||
| CVE-2023-48372 | 1 Itpison | 1 Omicard Edm | 2024-11-21 | 9.8 Critical |
| ITPison OMICARD EDM's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. | ||||
| CVE-2023-48188 | 1 Store-opart | 1 Op'art Devis | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function. | ||||
| CVE-2023-48084 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 9.8 Critical |
| Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool. | ||||
| CVE-2023-48078 | 1 Code-projects | 1 Simple Crud Functionality | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter. | ||||
| CVE-2023-48050 | 2 Camsbiometrics, Odoo | 2 Zkteco\, Essl\, Cams Biometrics Integration Module, Biometric Attendance | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component. | ||||
| CVE-2023-48049 | 1 Cybrosys | 1 Website Blog Search | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component. | ||||
| CVE-2023-48016 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2024-11-21 | 7.5 High |
| Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter. | ||||