CVE-2023-48685

CVE-2023-48685 affects Railway Reservation System v1.0. The vulnerability is an unauthenticated SQL Injection in the login.php resource, triggered by the unvalidated psd parameter sent to the database. The issue is confirmed across multiple sources (NVD/NVD-Centric records and third-party advisor...

PT-2023-31290 · Unknown · Job Portal

Name of the Vulnerable Software and Affected Versions: Job Portal version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the cmbQual parameter of the "Employer/InsertWalkin.php" resource does not validate the characters received, and they...

PT-2023-30924 · Unknown · Student Result Management System

Name of the Vulnerable Software and Affected Versions: Student Result Management System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. The password parameter of the "login.php" resource does not validate the characters received, and they are se...

PT-2023-30921 · Unknown · Student Result Management System

Name of the Vulnerable Software and Affected Versions: Student Result Management System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. The class name parameter of the "add students.php" resource does not validate the characters received, and th...

CVE-2023-48433 Online Voting System Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginaction.php resource does not validate the characters received and they are sent unfiltered to the database...

VulnCheck KEV: CVE-2022-1768

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the /rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive...

VulnCheck KEV: CVE-2022-0747

The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection...

PT-2023-7555 · WordPress · Wordpress Calendar Plugin

Name of the Vulnerable Software and Affected Versions: My Calendar WordPress Plugin version 3.4.22 Description: The issue is related to an unauthenticated SQL injection vulnerability. This vulnerability is present in the from and to parameters in the "/my-calendar/v1/events" rest route. It allows...

CVE-2023-5652

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admininit, allowing unauthenticated users to perform SQL injections...

VulnCheck KEV: CVE-2020-10548

rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices...

Exploit for SQL Injection in Wpfastestcache Wp_Fastest_Cache

CVE-2023-6063 PoC Reference - Unauthenticated SQL Inject...

CVE-2023-46800

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the viewprofile.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-46793

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'day' parameter in the 'register' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-46793

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'day' parameter in the 'register' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...

Sql injection

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the viewprofile.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-46800 Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the viewprofile.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-46800 Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the viewprofile.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-46797

CVE-2023-46797 is rejected/not used; this CVE entry does not represent an active vulnerability.

CVE-2023-46789

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-46785

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partnerpreference.php resource does not validate the characters received and they are sent unfiltered to the database...