Total
11922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49334 | 2024-07-03 | N/A | 8.3 HIGH | ||
| Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report. | |||||
| CVE-2023-49333 | 2024-07-03 | N/A | 8.3 HIGH | ||
| Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature. | |||||
| CVE-2023-49332 | 2024-07-03 | N/A | 8.3 HIGH | ||
| Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares. | |||||
| CVE-2023-49331 | 2024-07-03 | N/A | 8.3 HIGH | ||
| Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option. | |||||
| CVE-2023-49330 | 2024-07-03 | N/A | 8.3 HIGH | ||
| Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data. | |||||
| CVE-2023-48793 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-07-03 | N/A | 9.8 CRITICAL |
| Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature. | |||||
| CVE-2023-48792 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-07-03 | N/A | 9.8 CRITICAL |
| Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option. | |||||
| CVE-2023-46807 | 2024-07-03 | N/A | 6.7 MEDIUM | ||
| An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. | |||||
| CVE-2023-46806 | 2024-07-03 | N/A | 6.7 MEDIUM | ||
| An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. | |||||
| CVE-2023-39852 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-07-03 | N/A | 9.8 CRITICAL |
| Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter counterclaims that this originates from $_SESSION["userid"]=$_POST["userid"] at line 68 in doctors\doctorlogin.php, where userid under POST is not a session variable controlled by the server. | |||||
| CVE-2023-34362 | 1 Progress | 2 Moveit Cloud, Moveit Transfer | 2024-07-03 | N/A | 9.8 CRITICAL |
| In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions. | |||||
| CVE-2023-28329 | 1 Moodle | 1 Moodle | 2024-07-03 | N/A | 8.8 HIGH |
| Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers). | |||||
| CVE-2022-46966 | 1 Revenue Collection System Project | 1 Revenue Collection System | 2024-07-03 | N/A | 9.8 CRITICAL |
| Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php. | |||||
| CVE-2022-43279 | 1 Limesurvey | 1 Limesurvey | 2024-07-03 | N/A | 7.2 HIGH |
| LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. | |||||
| CVE-2022-40826 | 1 Codeigniter | 1 Codeigniter | 2024-07-03 | N/A | 9.8 CRITICAL |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_having() function. Note: Multiple third parties have disputed this as not a valid vulnerability. | |||||
| CVE-2022-40824 | 1 Codeigniter | 1 Codeigniter | 2024-07-03 | N/A | 9.8 CRITICAL |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where() function. Note: Multiple third parties have disputed this as not a valid vulnerability. | |||||
| CVE-2017-17919 | 1 Rubyonrails | 1 Ruby On Rails | 2024-07-03 | 6.8 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input | |||||
| CVE-2022-25517 | 1 Baomidou | 1 Mybatis-plus | 2024-07-02 | 7.5 HIGH | 9.8 CRITICAL |
| MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java. NOTE: the vendor's position is that the reported execution of a SQL statement was intended behavior. | |||||
| CVE-2024-6440 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-07-02 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270168. | |||||
| CVE-2024-6438 | 1 Hitout | 1 Carsale | 2024-07-02 | 6.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been found in Hitout Carsale 1.0 and classified as critical. This vulnerability affects unknown code of the file OrderController.java. The manipulation of the argument orderBy leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-270166 is the identifier assigned to this vulnerability. | |||||