Lucene search
K

9888 matches found

OSV
OSV
added 2023/11/30 2:15 p.m.4 views

CVE-2023-6410

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via editprofile.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retriev...

7.5CVSS5.8AI score0.00831EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.5 views

Voovi SQL Injection Vulnerability

Voovi is an open source social networking script from Sourceforge. Voovi version 1.0 suffers from a SQL injection vulnerability, which stems from a SQL injection vulnerability in videos.php...

9.8CVSS8AI score0.00831EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.4 views

Voovi SQL Injection Vulnerability

Voovi is an open source social networking script from Sourceforge. Voovi 1.0 version has a SQL injection vulnerability , the vulnerability stems from editprofile.php has a SQL injection vulnerability...

9.8CVSS8.1AI score0.00831EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.4 views

Voovi SQL Injection Vulnerability

Voovi is an open source social networking script from Sourceforge. Voovi 1.0 version has a SQL injection vulnerability , the vulnerability stems from home.php has a SQL injection vulnerability...

9.8CVSS8.1AI score0.00831EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.5 views

Voovi SQL Injection Vulnerability

Voovi is an open source social networking script from Sourceforge. Voovi version 1.0 suffers from a SQL injection vulnerability, which stems from a SQL injection vulnerability in photo.php...

9.8CVSS8AI score0.00831EPSS
Exploits0References1
NCSC
NCSC
added 2023/11/28 12:0 a.m.3 views

Vulnerability fixed in Solarwinds Platform

Solarwinds has fixed a vulnerability in Solarwinds Platform. A malicious party could exploit the vulnerability to use SQL-Injection to gain access to sensitive data, or potentially execute arbitrary code with application privileges. For successful exploitation, the malicious party must be...

8.8CVSS7.5AI score0.00214EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2023/11/27 11:15 p.m.9 views

CVE-2023-48188

SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function...

9.8CVSS6.3AI score0.01327EPSS
Exploits1References2
OSV
OSV
added 2023/11/27 2:15 a.m.4 views

CVE-2023-6310

A vulnerability has been found in SourceCodester Loan Management System 1.0 and classified as critical. This vulnerability affects the function deleteborrower of the file deleteBorrower.php. The manipulation of the argument borrowerid leads to sql injection. The attack can be initiated remotely...

7.2CVSS5.7AI score0.00763EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2023/11/27 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-1020

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

9.8CVSS7.4AI score0.0499EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/11/27 12:0 a.m.2 views

PrestaShop SQL Injection Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A SQL injection vulnerability exists in PrestaShop opartdevis versions v.4.5.18 through v.4.6.12, which...

9.8CVSS8.7AI score0.01327EPSS
Exploits1References1
OSV
OSV
added 2023/11/22 5:15 p.m.4 views

CVE-2023-45377

In the module "Chronopost Official" chronopost for PrestaShop, a guest can perform SQL injection. The script PHP cancelSkybill.php own a sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2023/11/22 4:15 p.m.3 views

CVE-2023-5466

The Wp anything slider plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS5.8AI score0.00797EPSS
Exploits0References4
PyPA
PyPA
added 2023/11/22 10:15 a.m.8 views

PYSEC-2023-244

Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login.Now we have fixed this issue and now user must have the correct login to access workbench.This issue affects Apache Submarine: from 0.7.0 before 0.8.0.We...

9.8CVSS8AI score0.07167EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/22 12:0 a.m.7 views

PT-2023-29977 · Prestashop · Motivationsale

Name of the Vulnerable Software and Affected Versions: motivationsale module for PrestaShop versions prior to 3.5.0 Description: The issue concerns a SQL injection flaw in the motivationsaleDataModel::getProductsByIds method, allowing a guest to execute sensitive SQL calls with a simple HTTP...

9.8CVSS9.8AI score0.00714EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/20 12:0 a.m.6 views

WordPress Plugin Article Analytics Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

9.8CVSS9.1AI score0.01012EPSS
Exploits2References3
CNNVD
CNNVD
added 2023/11/17 12:0 a.m.4 views

Adobe RoboHelp 安全漏洞

Adobe RoboHelp is a help authoring tool developed and released for Windows by the American company Audobee Adobe. Adobe RoboHelp Server suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit the...

7.5CVSS8.1AI score0.01341EPSS
Exploits0References2
OSV
OSV
added 2023/11/15 6:15 a.m.5 views

CVE-2023-40923

MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and savesetting parameters...

8.8CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2023/11/15 12:0 a.m.6 views

PHPGurukul Pre-School Enrollment Security Vulnerability

PHPGurukul Pre-School Enrollment is a web-based preschool enrollment system from PHPGurukul, Inc. A security vulnerability exists in version 1.0 of PHPGurukul Pre-School Enrollment that originates from an easy SQL injection attack via the username parameter in the preschool/admin/ page...

9.8CVSS7.9AI score0.0077EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/11/15 12:0 a.m.6 views

Pimcore SQL Injection Vulnerability

Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce framework and product information management applications. A security vulnerability exists in Pimcore...

8.8CVSS7.6AI score0.01218EPSS
Exploits1References4
OSV
OSV
added 2023/11/14 6:15 p.m.4 views

CVE-2023-34991

A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http reque...

9.8CVSS5.9AI score0.28783EPSS
Exploits0References1
Rows per page
Query Builder