Total
18638 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38765 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php. | ||||
| CVE-2023-38764 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. | ||||
| CVE-2023-38763 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 6.5 Medium |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. | ||||
| CVE-2023-38762 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. | ||||
| CVE-2023-38760 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. | ||||
| CVE-2023-38519 | 1 Mainwp | 1 Mainwp Dashboard | 2024-11-21 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance.This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3. | ||||
| CVE-2023-38391 | 1 Themesgrove | 1 Onepage Builder | 2024-11-21 | 7.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1. | ||||
| CVE-2023-38382 | 1 Subscribe To Category Project | 1 Subscribe To Category | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection.This issue affects Subscribe to Category: from n/a through 2.7.4. | ||||
| CVE-2023-38190 | 1 Superwebmailer | 1 Superwebmailer | 2024-11-21 | 8.8 High |
| An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter. | ||||
| CVE-2023-38044 | 1 Hikashop | 1 Hikashop | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | ||||
| CVE-2023-37966 | 1 Solwininfotech | 1 User Activity Log | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a through 1.6.2. | ||||
| CVE-2023-37924 | 1 Apache | 1 Submarine | 2024-11-21 | 9.8 Critical |
| Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects Apache Submarine: from 0.7.0 before 0.8.0. We recommend that all submarine users with 0.7.0 upgrade to 0.8.0, which not only fixes the issue, supports the oidc authentication mode, but also removes the case of unauthenticated logins. If using the version lower than 0.8.0 and not want to upgrade, you can try cherry-pick PR https://github.com/apache/submarine/pull/1037 https://github.com/apache/submarine/pull/1054 and rebuild the submarine-server image to fix this. | ||||
| CVE-2023-37824 | 1 Sitolog | 1 Sitolog Application Connect | 2024-11-21 | 9.8 Critical |
| Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php. | ||||
| CVE-2023-37772 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-21 | 8.8 High |
| Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php. | ||||
| CVE-2023-37771 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | 9.8 Critical |
| Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php. | ||||
| CVE-2023-37687 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2024-11-21 | 7.2 High |
| Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal. | ||||
| CVE-2023-37682 | 1 Judging Management System Project | 1 Judging Management System | 2024-11-21 | 9.8 Critical |
| Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-jms/deductScores.php. | ||||
| CVE-2023-37647 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 9.8 Critical |
| SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php. | ||||
| CVE-2023-37628 | 1 Simple Online Piggery Management System Project | 1 Simple Online Piggery Management System | 2024-11-21 | 9.8 Critical |
| Online Piggery Management System 1.0 is vulnerable to SQL Injection. | ||||
| CVE-2023-37627 | 1 Code-projects | 1 Online Restaurant Management System | 2024-11-21 | 9.8 Critical |
| Code-projects Online Restaurant Management System 1.0 is vulnerable to SQL Injection. Through SQL injection, an attacker can bypass the admin panel and view order records, add items, delete items etc. | ||||