MStore API < 3.9.8 - SQL Injection

The MStore API WordPress plugin before 3.9.8 is vulnerable to Blind SQL injection via the productid parameter. id: CVE-2023-3077 info: name: MStore API 3.9.8 - SQL Injection author: DhiyaneshDK severity: critical description: | The MStore API WordPress plugin before 3.9.8 is vulnerable to Blind S...

Gogs (Go Git Service) - SQL Injection

Multiple SQL injection vulnerabilities in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to 1 api/v1/repos/search, which is not properly handled in models/repo.go, or 2 api/v1/users/search, which is...

Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash

Email Subscribers by Icegram Express = 5.7.20 contains an unauthenticated SQL injection vulnerability via the hash parameter. id: CVE-2024-4295 info: name: Email Subscribers by Icegram Express = 5.7.20 - Unauthenticated SQL Injection via Hash author: iamnoooob,rootxharsh,pdresearch severity:...

DedeCMS 5.7 - SQL Injection

DedeCMS through 5.7 has SQL Injection via the $FILES superglobal to plus/recommend.php. id: CVE-2017-17731 info: name: DedeCMS 5.7 - SQL Injection author: j4vaovo severity: critical description: | DedeCMS through 5.7 has SQL Injection via the $FILES superglobal to plus/recommend.php. impact: |...

Mingsoft MCMS v5.2.7 - SQL Injection

Mingsoft MCMS v5.2.7 contains an SQL injection vulnerability via /cms/content/list that allows unauthenticated attackers to execute arbitrary SQL commands on the affected database server. id: CVE-2022-26585 info: name: Mingsoft MCMS v5.2.7 - SQL Injection author: ritikchaddha severity: critical...

WordPress WP Fundraising Donation and Crowdfunding Platform <1.5.0 - SQL Injection

WordPress WP Fundraising Donation and Crowdfunding Platform plugin before 1.5.0 contains an unauthenticated SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify...

PrestaShop PireosPay - SQL Injection

In the module “PireosPay” pireospay up to version 1.7.9 from 01generator.com for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-45375 info: name: PrestaShop PireosPay - SQL Injection author: MaStErChO severity: high description: | In the module “PireosPay”...

AP Pricing Tables Lite <= 1.1.6 - SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. id: CVE-2023-0900 info: name: AP Pricing Tables Lite = 1.1.6 - SQL Injection author: r3Y3r53 severity: high description: ...

WordPress My Calendar <3.4.22 - SQL Injection

WordPress My Calendar plugin versions before 3.4.22 are vulnerable to an unauthenticated SQL injection within the 'from' and 'to' parameters of the '/my-calendar/v1/events' REST route. id: CVE-2023-6360 info: name: WordPress My Calendar 3.4.22 - SQL Injection author: xxcdd severity: critical...

Faculty Evaluation System v1.0 - SQL Injection

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/managetask.php?id= id: CVE-2023-33439 info: name: Faculty Evaluation System v1.0 - SQL Injection author: Harsh severity: high description: | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to...

Old Age Home Management System v1.0 - SQL Injection

Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter. id: CVE-2023-33338 info: name: Old Age Home Management System v1.0 - SQL Injection author: Harsh severity: critical description: | Old Age Home Management 1.0 is vulnerable to SQL Injection via the username...

bloofoxCMS v0.5.2.1 - SQL Injection

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit. id: CVE-2023-34755 info: name: bloofoxCMS v0.5.2.1 - SQL Injection author: theamanrawat severity: critical description: | bloofox v0.5.2.1 was discovered to...

bloofoxCMS v0.5.2.1 - SQL Injection

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit. id: CVE-2023-34753 info: name: bloofoxCMS v0.5.2.1 - SQL Injection author: theamanrawat severity: critical description: | bloofox v0.5.2.1 was...

bloofoxCMS v0.5.2.1 - SQL Injection

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. id: CVE-2023-34752 info: name: bloofoxCMS v0.5.2.1 - SQL Injection author: theamanrawat severity: critical description: | bloofox v0.5.2.1 was...

PrestaShop Theme Volty CMS Blog - SQL Injection

In the module 'Theme Volty CMS Blog' tvcmsblog up to versions 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-39650 info: name: PrestaShop Theme Volty CMS Blog - SQL Injection author: mastercho severity: critical description: | In the...

Bank Locker Management System v1.0 - SQL Injection

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. id: CVE-2023-0562 info:...

Jeecg-Boot v3.5.1 - SQL Injection

SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData in jeecg-boot v3.5.1. id: CVE-2023-38992 info: name: Jeecg-Boot v3.5.1 - SQL Injection author: ritikchaddha severity: critical description: | SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData...

Jeecg-boot 3.5.0 qurestSql - SQL Injection

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. id: CVE-2023-1454 info: name: Jeecg-boot 3.5...

Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection

The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query. id: CVE-2023-0630 info: name: Slimstat Analytics 4.9.3.3 Subscriber - SQL Injection author: DhiyaneshDK severity: high description...

Bloofox v0.5.2.1 - SQL Injection

Bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit. id: CVE-2023-34756 info: name: Bloofox v0.5.2.1 - SQL Injection author: theamanrawat severity: critical description: | Bloofox v0.5.2.1 was...