1666 matches found
CVE-2023-49633 Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyeraddress' parameter of the buyerdetailsubmit.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-49689 Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'JobId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-49688 Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtUser' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-49681 Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database...
Attacks, Vulnerabilities and Actors 11 December to 17 December 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eleven executed attacks, six instances of adversary activity, and five exploited...
New Hacker Group 'GambleForce' Tageting APAC Firms Using SQL Injection Attacks
A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific APAC region since at least September 2023. "GambleForce uses a set of basic yet very effective techniques, including SQL injections and th...
CVE-2023-5652 WP Hotel Booking < 2.0.8 - Unauthenticated SQLi
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admininit, allowing unauthenticated users to perform SQL injections...
CVE-2023-46097
A vulnerability has been identified in SIMATIC PCS neo All versions V4.1. The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database...
CVE-2023-46789 Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-46785 Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partnerpreference.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-45346 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-45323 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-4103 Multiple vulnerabilities in IDM Sistemas QSige
QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application...
CVE-2023-4098 Multiple vulnerabilities in IDM Sistemas QSige
It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application...
CVE-2023-4098 Multiple vulnerabilities in IDM Sistemas QSige
It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application...
CVE-2023-44166 Online Movie Ticket Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
The 'age' parameter of the processregistration.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-44166 Online Movie Ticket Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
The 'age' parameter of the processregistration.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-44164 Online Movie Ticket Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
The 'Email' parameter of the processlogin.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-44163 Online Movie Ticket Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
The 'search' parameter of the processsearch.php resource does not validate the characters received and they are sent unfiltered to the database...
Sql injection
User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections...