Total: 16419 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46789 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-11-21 | 9.8 Critical |
| Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-46788 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-11-21 | 9.8 Critical |
| Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter in the 'uploadphoto()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-46787 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-11-21 | 9.8 Critical |
| Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-46785 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-11-21 | 9.8 Critical |
| Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partner_preference.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-46727 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 8.6 High |
| GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory. | ||||
| CVE-2023-46700 | 1 Luxsoft | 1 Luxcal Web Calendar | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information stored in the database. | ||||
| CVE-2023-46679 | 1 Projectworlds | 1 Online Job Portal | 2024-11-21 | 9.8 Critical |
| Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname_email' parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-46677 | 1 Projectworlds | 1 Online Job Portal | 2024-11-21 | 9.8 Critical |
| Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname' parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-46584 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint. | ||||
| CVE-2023-46582 | 1 Code-projects | 1 Inventory Management | 2024-11-21 | 7.8 High |
| SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary SQL commands via the id parameter in the deleteProduct.php component. | ||||
| CVE-2023-46581 | 1 Code-projects | 1 Inventory Management | 2024-11-21 | 5.5 Medium |
| SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary code via the name, uname and email parameters in the registration.php component. | ||||
| CVE-2023-46575 | 1 Layer5 | 1 Meshery | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter. | ||||
| CVE-2023-46490 | 1 Cacti | 1 Cacti | 2024-11-21 | 6.5 Medium |
| SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function. | ||||
| CVE-2023-46482 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component. | ||||
| CVE-2023-46435 | 1 Oretnom23 | 1 Packers And Movers Management System | 2024-11-21 | 9.8 Critical |
| Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id. | ||||
| CVE-2023-46358 | 1 Snegurka | 1 Referralbyphone | 2024-11-21 | 9.8 Critical |
| In the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Method `ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | ||||
| CVE-2023-46357 | 1 Myprestamodules | 1 Cross Selling In Modal Cart | 2024-11-21 | 9.8 Critical |
| In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | ||||
| CVE-2023-46356 | 1 Blmodules | 1 Csv Feeds Pro | 2024-11-21 | 9.8 Critical |
| In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method `SearchApiCsv::getProducts()` has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection. | ||||
| CVE-2023-46348 | 1 Sunnytoo | 1 Sturls | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in SunnyToo sturls before version 1.1.13 allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods. | ||||
| CVE-2023-46347 | 1 Ndkdesign | 1 Ndk Steppingpack | 2024-11-21 | 9.8 Critical |
| In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | ||||