Total: 17507 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38912 | 1 Superstorefinder | 1 Php Script | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter. | ||||
| CVE-2023-38905 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 5.5 Medium |
| SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions. | ||||
| CVE-2023-38899 | 1 Berkaygediz | 1 O Blog | 2024-11-21 | 7.8 High |
| SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component. | ||||
| CVE-2023-38891 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 8.8 High |
| SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php. | ||||
| CVE-2023-38870 | 1 Economizzer | 1 Economizzer | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is vulnerable to SQL Injection. | ||||
| CVE-2023-38839 | 1 Kidus | 1 Minimati | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via the ID parameter in the fulldelete.php component. | ||||
| CVE-2023-38838 | 1 Kiduswb | 1 Minimati | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via the edit.php component. | ||||
| CVE-2023-38825 | | | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php. | ||||
| CVE-2023-38773 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php. | ||||
| CVE-2023-38771 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php. | ||||
| CVE-2023-38770 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php. | ||||
| CVE-2023-38769 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php. | ||||
| CVE-2023-38768 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php. | ||||
| CVE-2023-38767 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php. | ||||
| CVE-2023-38765 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php. | ||||
| CVE-2023-38764 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. | ||||
| CVE-2023-38763 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 6.5 Medium |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. | ||||
| CVE-2023-38762 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. | ||||
| CVE-2023-38760 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. | ||||
| CVE-2023-38519 | 1 Mainwp | 1 Mainwp Dashboard | 2024-11-21 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance. This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3. | ||||