Total
16419 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38771 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php. | ||||
| CVE-2023-38770 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php. | ||||
| CVE-2023-38769 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php. | ||||
| CVE-2023-38768 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php. | ||||
| CVE-2023-38767 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php. | ||||
| CVE-2023-38765 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php. | ||||
| CVE-2023-38764 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. | ||||
| CVE-2023-38763 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 6.5 Medium |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. | ||||
| CVE-2023-38762 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. | ||||
| CVE-2023-38760 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. | ||||
| CVE-2023-38519 | 1 Mainwp | 1 Mainwp Dashboard | 2024-11-21 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance.This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3. | ||||
| CVE-2023-38391 | 1 Themesgrove | 1 Onepage Builder | 2024-11-21 | 7.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1. | ||||
| CVE-2023-38382 | 1 Subscribe To Category Project | 1 Subscribe To Category | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection.This issue affects Subscribe to Category: from n/a through 2.7.4. | ||||
| CVE-2023-38190 | 1 Superwebmailer | 1 Superwebmailer | 2024-11-21 | 8.8 High |
| An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter. | ||||
| CVE-2023-38044 | 1 Hikashop | 1 Hikashop | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | ||||
| CVE-2023-37966 | 1 Solwininfotech | 1 User Activity Log | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a through 1.6.2. | ||||
| CVE-2023-37924 | 1 Apache | 1 Submarine | 2024-11-21 | 9.8 Critical |
| Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects Apache Submarine: from 0.7.0 before 0.8.0. We recommend that all submarine users with 0.7.0 upgrade to 0.8.0, which not only fixes the issue, supports the oidc authentication mode, but also removes the case of unauthenticated logins. If using the version lower than 0.8.0 and not want to upgrade, you can try cherry-pick PR https://github.com/apache/submarine/pull/1037 https://github.com/apache/submarine/pull/1054 and rebuild the submarine-server image to fix this. | ||||
| CVE-2023-37824 | 1 Sitolog | 1 Sitolog Application Connect | 2024-11-21 | 9.8 Critical |
| Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php. | ||||
| CVE-2023-37772 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-21 | 8.8 High |
| Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php. | ||||
| CVE-2023-37771 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | 9.8 Critical |
| Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php. | ||||