Export limit exceeded: 18206 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18206 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-34581 | 1 Oretnom23 | 1 Service Provider Management System | 2025-01-03 | 9.8 Critical |
| Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2 | ||||
| CVE-2023-35036 | 1 Progress | 1 Moveit Transfer | 2025-01-03 | 9.1 Critical |
| In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. | ||||
| CVE-2023-34249 | 1 Pybb Project | 1 Pybb | 2025-01-03 | 9.8 Critical |
| benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, a user may be able to update the software manually to avoid this problem by sanitizing user queries to `BulletinDatabaseModule.py`. | ||||
| CVE-2024-12832 | 1 Arista | 1 Ng Firewall | 2025-01-03 | 6.3 Medium |
| Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportEntry class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the www-data user. Was ZDI-CAN-24325. | ||||
| CVE-2023-34756 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2025-01-03 | 9.8 Critical |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit. | ||||
| CVE-2023-34755 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2025-01-03 | 9.8 Critical |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit. | ||||
| CVE-2023-3047 | 1 Tmtmakine | 2 Lockcell, Lockcell Firmware | 2025-01-03 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection.This issue affects Lockcell: before 15. | ||||
| CVE-2023-33817 | 1 Digitaldruid | 1 Hoteldruid | 2025-01-03 | 8.8 High |
| hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability. | ||||
| CVE-2023-32115 | 1 Sap | 1 Master Data Synchronization | 2025-01-03 | 4.2 Medium |
| An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system. | ||||
| CVE-2024-32480 | 1 Librenms | 1 Librenms | 2025-01-02 | 7.2 High |
| LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue. | ||||
| CVE-2024-32461 | 1 Librenms | 1 Librenms | 2025-01-02 | 7.1 High |
| LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an attacker can exploit a SQL injection time based vulnerability to extract all data from the database, such as administrator credentials. Version 24.4.0 contains a patch for the vulnerability. | ||||
| CVE-2023-35064 | 1 Satos | 1 Satos Mobile | 2025-01-02 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering.This issue affects Satos Mobile: before 20230607. | ||||
| CVE-2024-2073 | 1 Oretnom23 | 1 Block Inserter For Dynamic Content | 2025-01-02 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Block Inserter for Dynamic Content 1.0 and classified as critical. This vulnerability affects unknown code of the file view_post.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255388. | ||||
| CVE-2023-34754 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2025-01-02 | 9.8 Critical |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. | ||||
| CVE-2023-34753 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2025-01-02 | 9.8 Critical |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit. | ||||
| CVE-2023-34752 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2025-01-02 | 9.8 Critical |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. | ||||
| CVE-2023-34751 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2025-01-02 | 9.8 Critical |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit. | ||||
| CVE-2023-34750 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2025-01-02 | 9.8 Critical |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit. | ||||
| CVE-2024-2147 | 1 Oretnom23 | 1 Online Mobile Store Management System | 2025-01-02 | 7.3 High |
| A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255500. | ||||
| CVE-2024-31495 | 1 Fortinet | 1 Fortiportal | 2025-01-02 | 3.9 Low |
| A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows privileged user to obtain unauthorized information via the report download functionality. | ||||