CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/23 6:28 a.m.•6 views

CVE-2024-4890

A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...

4.9CVSS5.5AI score0.0056EPSS

RedhatCVE•added 2025/05/23 5:32 a.m.•3 views

CVE-2023-22378

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary...

8.8CVSS8AI score0.00508EPSS

RedhatCVE•added 2025/05/23 5:9 a.m.•7 views

CVE-2023-50030

In the module "Jms Setting" jmssetting from Joommasters for PrestaShop, a guest can perform SQL injection in versions = 1.1.0. The method JmsSetting::getSecondImgs has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection...

9.8CVSS7.8AI score0.00666EPSS

RedhatCVE•added 2025/05/23 3:52 a.m.•3 views

CVE-2023-33279

In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

9.8CVSS7.4AI score0.00602EPSS

RedhatCVE•added 2025/05/23 3:47 a.m.•6 views

CVE-2023-3197

The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible...

9.8CVSS7.5AI score0.03499EPSS

RedhatCVE•added 2025/05/23 3:38 a.m.•4 views

CVE-2023-28883

In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint...

9.8CVSS7.9AI score0.00701EPSS

RedhatCVE•added 2025/05/23 3:17 a.m.•3 views

CVE-2023-23315

The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. The method stripejsValidationModuleFrontController::initContent has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...

9.8CVSS8AI score0.0085EPSS

RedhatCVE•added 2025/05/23 2:56 a.m.•7 views

CVE-2023-0765

The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin https://wordpress.org/plugins/slider-bws/ must...

8.8CVSS9.1AI score0.00873EPSS

Exploits2References1

RedhatCVE•added 2025/05/23 2:15 a.m.•6 views

CVE-2023-3416

The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter via the 'createstripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

7.2CVSS7.3AI score0.00561EPSS

RedhatCVE•added 2025/05/23 2:9 a.m.•6 views

CVE-2023-42283

Blind SQL injection in apiid parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query...

9.8CVSS7.8AI score0.01257EPSS

Exploits2References1

RedhatCVE•added 2025/05/23 2:9 a.m.•8 views

CVE-2023-42284

Blind SQL injection in apiversion parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query...

9.8CVSS7.8AI score0.01247EPSS

Exploits2References1

RedhatCVE•added 2025/05/23 2:6 a.m.•6 views

CVE-2023-6921

Blind SQL Injection vulnerability in PrestaShow Google Integrator PrestaShop addon allows for data extraction and modification. This attack is possible via command insertion in one of the cookies...

9.8CVSS8.3AI score0.00694EPSS

RedhatCVE•added 2025/05/23 2:3 a.m.•3 views

CVE-2023-33280

In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

9.8CVSS7.5AI score0.0062EPSS

RedhatCVE•added 2025/05/22 11:10 p.m.•4 views

CVE-2022-30493

In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin accessprivilege escalation...

10CVSS8.3AI score0.02069EPSS

RedhatCVE•added 2025/05/22 11:9 p.m.•3 views

CVE-2022-36201

Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php...

9.8CVSS6.8AI score0.01728EPSS

Exploits3References1

RedhatCVE•added 2025/05/22 10:47 p.m.•4 views

CVE-2022-29686

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan...

RedhatCVE•added 2025/05/22 10:47 p.m.•4 views

CVE-2022-29688

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy...

RedhatCVE•added 2025/05/22 10:47 p.m.•3 views

CVE-2022-29682

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del...

RedhatCVE•added 2025/05/22 10:47 p.m.•5 views

CVE-2022-29684

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/jsdel...