Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2023-5918

A vulnerability, which was classified as critical, was found in SourceCodester Visitor Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244308.

CVE
Open in Source
#sql#vulnerability#php
CVE-2023-45019: Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | Advisories | Fluid Attacks

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE-2023-44025: [CVE-2023-44025] Improper neutralization of SQL parameter in Addify - Free Gifts module for PrestaShop

SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the getrulebyid function in the AddifyfreegiftsModel.php component.

CVE-2023-46482: PHP/wuzhicms/WUZHI CMS v4.1.0 SQL Injection Vulnerability in Database Backup Functionality.md at main · XTo-o1/PHP

SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.

CVE-2023-40062: SolarWinds Hybrid Cloud Observability 2023.4 Release Notes

SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges.

CVE-2023-4198: (CVE-2023-4198) Dolibarr ERP CRM (

Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data

Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability

F5 is warning of active abuse of a critical security flaw in BIG-IP less than a week after its public disclosure that could result in the execution of arbitrary system commands as part of an exploit chain. Tracked as CVE-2023-46747 (CVSS score: 9.8), the vulnerability allows an unauthenticated attacker with network access to the BIG-IP system through the management port to achieve code execution

CVE-2023-40050: Profiles

Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution.

CVE-2023-33927: WordPress Multiple Page Generator Plugin – MPG plugin <= 3.3.19 - SQL Injection vulnerability - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19.

CVE-2023-35879: WordPress WooCommerce Product Vendors plugin <= 2.1.78 - Shop Manager+ SQL Injection vulnerability - Patchstack

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.78.