Total
18738 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31624 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | 7.5 High |
| An issue in the sinv_check_exp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-31623 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | 7.5 High |
| An issue in the mp_box_copy component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-32306 | 1 Anuko | 1 Time Tracker | 2025-01-23 | 8.8 High |
| Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the `reports.php` page was not validating all parameters in POST requests. Because some parameters were not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue is fixed in version 1.22.13.5792. As a workaround, use the fixed code in `ttReportHelper.class.php` from version 1.22.13.5792. | ||||
| CVE-2023-31843 | 1 Faculty Evaluation System Project | 1 Faculty Evaluation System | 2025-01-23 | 7.2 High |
| Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/view_faculty.php?id=. | ||||
| CVE-2023-31842 | 1 Faculty Evaluation System Project | 1 Faculty Evaluation System | 2025-01-23 | 7.2 High |
| Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/index.php?page=edit_faculty&id=. | ||||
| CVE-2023-31631 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | 7.5 High |
| An issue in the sqlo_preds_contradiction component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-31630 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | 7.5 High |
| An issue in the sqlo_query_spec component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-31629 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | 7.5 High |
| An issue in the sqlo_union_scope component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-31628 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | 7.5 High |
| An issue in the stricmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-31627 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | 7.5 High |
| An issue in the strhash component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-31626 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | 7.5 High |
| An issue in the gpf_notice component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-31616 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | 7.5 High |
| An issue in the bif_mod component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2024-26262 | 1 Ebmtech | 1 Uniweb\/solipacs Webserver | 2025-01-23 | 8.8 High |
| EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator . | ||||
| CVE-2024-1523 | 1 E-web | 1 Fs-ezviewer | 2025-01-23 | 8.8 High |
| EC-WEB FS-EZViewer(Web)'s query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator. | ||||
| CVE-2024-2480 | 2 Mha Sistemas, Mhasistemas | 2 Armhazena, Armhazena | 2025-01-23 | 6.3 Medium |
| A vulnerability classified as critical was found in MHA Sistemas arMHAzena 9.6.0.0. This vulnerability affects unknown code of the component Executa Page. The manipulation of the argument Companhia/Planta/Agente de/Agente até leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256888. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2478 | 1 Bradwenqiang | 1 Hr | 2025-01-23 | 6.3 Medium |
| A vulnerability was found in BradWenqiang HR 2.0. It has been rated as critical. Affected by this issue is the function selectAll of the file /bishe/register of the component Background Management. The manipulation of the argument userName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256886 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-31608 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | 7.5 High |
| An issue in the artm_div_int component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-31607 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | 7.5 High |
| An issue in the __libc_malloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-30245 | 1 Judging Management System Project | 1 Judging Management System | 2025-01-23 | 9.8 Critical |
| SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the crit_id parameter of the edit_criteria.php file. | ||||
| CVE-2023-31519 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2025-01-23 | 9.8 Critical |
| Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the email parameter at login_core.php. | ||||