U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): SQL injection
There are 13,208 matching records.
Displaying matches 881 through 900.
Vuln ID Summary CVSS Severity
CVE-2023-46581

SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary code via the name, uname and email parameters in the registration.php component.

Published: November 14, 2023; 5:15:30 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-46025

SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the 'editid' parameter.

Published: November 14, 2023; 5:15:30 PM -0500
V3.1: 4.9 MEDIUM
V2.0:(not available)
CVE-2023-46024

SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter.

Published: November 14, 2023; 5:15:30 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-46023

SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter.

Published: November 14, 2023; 5:15:30 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-46022

SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'bid' parameter.

Published: November 14, 2023; 5:15:30 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-34991

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request.

Published: November 14, 2023; 1:15:30 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-45684

Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub.

Published: November 14, 2023; 10:15:07 AM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-47609

SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request.

Published: November 14, 2023; 1:15:29 AM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-46021

SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary commands via the 'reqid' parameter.

Published: November 13, 2023; 6:15:07 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-46018

SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 \allows attackers to run arbitrary SQL commands via 'remail' parameter.

Published: November 13, 2023; 5:15:07 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-46017

SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' and 'rpassword' parameters.

Published: November 13, 2023; 5:15:07 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-46014

SQL Injection vulnerability in hospitalLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'hemail' and 'hpassword' parameters.

Published: November 13, 2023; 5:15:07 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-6097

A SQL injection vulnerability has been found in ICS Business Manager, affecting version 7.06.0028.7089. This vulnerability could allow a remote user to send a specially crafted SQL query and retrieve all the information stored in the database. The data could also be modified or deleted, causing the application to malfunction.

Published: November 13, 2023; 8:15:08 AM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-6084

A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/vehicle/checkup/delete.php. The manipulation of the argument VU_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-244994 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: November 12, 2023; 6:15:07 AM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-47128

Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction `savepoints` in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a `savepoints` `name` parameter to a user is highly unlikely, it would not be unheard of. If a malicious user was able to abuse this functionality they would have essentially direct access to the database and the ability to modify data to the level of permissions associated with the database user. A non exhaustive list of actions possible based on database permissions is: Read all data stored in the database, including usernames and password hashes; insert arbitrary data into the database, including modifying existing records; and gain a shell on the underlying server. Version 1.1.1 fixes this issue.

Published: November 10, 2023; 1:15:09 PM -0500
V3.1: 9.1 CRITICAL
V2.0:(not available)
CVE-2023-41285

A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later

Published: November 10, 2023; 11:15:32 AM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-41284

A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later

Published: November 10, 2023; 11:15:32 AM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-6074

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file check-status.php of the component Booking Reservation Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-244943.

Published: November 10, 2023; 10:15:09 AM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-39796

SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter.

Published: November 10, 2023; 1:15:30 AM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-6054

A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/manage/lock.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244875. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: November 09, 2023; 2:15:08 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)