Lucene search
K

1666 matches found

Cvelist
Cvelist
added 2024/01/04 1:53 p.m.20 views

CVE-2023-49633 Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyeraddress' parameter of the buyerdetailsubmit.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS10AI score0.00672EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/12/21 11:26 p.m.28 views

CVE-2023-49689 Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'JobId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS10AI score0.00671EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/12/21 11:21 p.m.29 views

CVE-2023-49688 Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtUser' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS10AI score0.00671EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/12/21 11:6 p.m.17 views

CVE-2023-49681 Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS10AI score0.00671EPSS
Exploits1References2
hivepro
hivepro
added 2023/12/19 6:27 a.m.40 views

Attacks, Vulnerabilities and Actors 11 December to 17 December 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eleven executed attacks, six instances of adversary activity, and five exploited...

7.5CVSS7.5AI score0.99979EPSS
Exploits17
The Hacker News
The Hacker News
added 2023/12/14 6:30 a.m.63 views

New Hacker Group 'GambleForce' Tageting APAC Firms Using SQL Injection Attacks

A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific APAC region since at least September 2023. "GambleForce uses a set of basic yet very effective techniques, including SQL injections and th...

5.3CVSS6AI score0.99827EPSS
Exploits43
Cvelist
Cvelist
added 2023/11/20 6:55 p.m.39 views

CVE-2023-5652 WP Hotel Booking < 2.0.8 - Unauthenticated SQLi

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admininit, allowing unauthenticated users to perform SQL injections...

9.9AI score0.63711EPSS
Exploits2References1
NVD
NVD
added 2023/11/14 11:15 a.m.31 views

CVE-2023-46097

A vulnerability has been identified in SIMATIC PCS neo All versions V4.1. The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database...

8CVSS0.00432EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/07 9:2 p.m.21 views

CVE-2023-46789 Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS8.2AI score0.00831EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/11/07 8:57 p.m.24 views

CVE-2023-46785 Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partnerpreference.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS10AI score0.00831EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/11/02 2:3 p.m.12 views

CVE-2023-45346 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS8.2AI score0.007EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/11/02 1:8 p.m.17 views

CVE-2023-45323 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS8.1AI score0.007EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/10/03 11:30 a.m.42 views

CVE-2023-4103 Multiple vulnerabilities in IDM Sistemas QSige

QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application...

8.8CVSS8.8AI score0.00493EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/03 11:3 a.m.11 views

CVE-2023-4098 Multiple vulnerabilities in IDM Sistemas QSige

It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application...

8.8CVSS7.1AI score0.00493EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/03 11:3 a.m.21 views

CVE-2023-4098 Multiple vulnerabilities in IDM Sistemas QSige

It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application...

8.8CVSS8.8AI score0.00493EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/28 9:51 p.m.23 views

CVE-2023-44166 Online Movie Ticket Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

The 'age' parameter of the processregistration.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS9.7AI score0.00805EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/09/28 9:51 p.m.12 views

CVE-2023-44166 Online Movie Ticket Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

The 'age' parameter of the processregistration.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS6.9AI score0.00805EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/09/28 9:44 p.m.14 views

CVE-2023-44164 Online Movie Ticket Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

The 'Email' parameter of the processlogin.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS9.7AI score0.00805EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/09/28 9:42 p.m.11 views

CVE-2023-44163 Online Movie Ticket Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

The 'search' parameter of the processsearch.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS9.7AI score0.00805EPSS
Exploits1References2
Prion
Prion
added 2023/08/03 7:15 a.m.20 views

Sql injection

User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections...

6.5CVSS8.7AI score0.00492EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder