Total
18452 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25330 | 1 Mybatis | 1 Mybatis | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection. | ||||
| CVE-2023-25197 | 1 Apache | 1 Fineract | 2024-11-21 | 6.3 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract. Authorized users may be able to exploit this for limited impact on components. This issue affects apache fineract: from 1.4 through 1.8.2. | ||||
| CVE-2023-25196 | 1 Apache | 1 Fineract | 2024-11-21 | 4.3 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through 1.8.2. | ||||
| CVE-2023-25047 | 1 Carrcommunications | 1 Rsvpmaker | 2024-11-21 | 7.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3. | ||||
| CVE-2023-25045 | 1 Carrcommunications | 1 Rsvpmaker | 2024-11-21 | 6.7 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3. | ||||
| CVE-2023-24726 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | 9.8 Critical |
| Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page. | ||||
| CVE-2023-24000 | 1 Gamipress | 1 Gamipress | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7. | ||||
| CVE-2023-23991 | 2024-11-21 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection.This issue affects Booking Calendar: from n/a through 9.4.3. | ||||
| CVE-2023-23758 | 1 Creative-solutions | 1 Creative Gallery | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | ||||
| CVE-2023-23757 | 1 Bestaddon | 1 Bestaddon Gallery | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | ||||
| CVE-2023-23737 | 1 Managewp | 1 Broken Link Checker | 2024-11-21 | 9.3 Critical |
| Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions. | ||||
| CVE-2023-23660 | 1 Mainwp | 1 Mainwp Maintenance Extension | 2024-11-21 | 8.5 High |
| Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP MainWP Maintenance Extension plugin <= 4.1.1 versions. | ||||
| CVE-2023-23651 | 1 Mainwp | 1 Mainwp Google Analytics Extension | 2024-11-21 | 8.5 High |
| Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Google Analytics Extension plugin <= 4.0.4 versions. | ||||
| CVE-2023-23634 | 1 Documize | 1 Documize | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint. | ||||
| CVE-2023-23563 | 1 Geomatika | 1 Isigeo Web | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain sensitive database content via SQL Injection. | ||||
| CVE-2023-23162 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | 9.8 Critical |
| Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php. | ||||
| CVE-2023-23156 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | 9.8 Critical |
| Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page. | ||||
| CVE-2023-23155 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | 9.8 Critical |
| Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the username parameter in the Admin Login. | ||||
| CVE-2023-22794 | 2 Activerecord Project, Redhat | 2 Activerecord, Satellite | 2024-11-21 | 8.8 High |
| A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment. | ||||
| CVE-2023-22378 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-11-21 | 8.8 High |
| A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability. | ||||