
Tag

#sql

CVE-2023-47445: PHPGrukul-Pre-School-Enrollment-System-v1.0/CVE-2023-47445 PHPGurukul-Pre-School-Enrollment-System-v1.0 SQL Injection.md at main · termanix/PHPGrukul-Pre-School-Enrollment-System-v1.0

Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in the preschool/admin/ page.

CVE-2023-40923: [CVE-2023-40923] Improper neutralization of an SQL parameter in MyPrestaModules - Orders (CSV, Excel) Export PRO module for PrestaShop

MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters.

CVE-2023-47309: [CVE-2023-47309] Improper Neutralization of Input During Web Page Generation in Nukium - NKM GLS module for PrestaShop

Nukium nkmgls before version 3.0.2 is vulnerable to Cross Site Scripting (XSS) via NkmGlsCheckoutModuleFrontController::displayAjaxSavePhoneMobile.

CVE-2023-43979: [CVE-2023-43979] Improper neutralization of SQL parameter in PrestaHero (ETS Soft) - BLOG - Drive High Traffic & Boost SEO module for PrestaShop

ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts().

CVE-2023-47308: security-advisories/_posts/2023-11-09-newsletterpop.md at main · friends-of-presta/security-advisories

In the module "Newsletter Popup PRO with Voucher/Coupon code" (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method `NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription()` has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection.

CVE-2023-46581: Code-Projects-Inventory-Management-1.0/CVE-2023-46581-Code-Projects-Inventory-Management-1.0-SQL-Injection-Vulnerability.md at main · ersinerenler/Code-Projects-Inventory-Management-1.0

SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary code via the name, uname and email parameters in the registration.php component.

CVE-2023-46025: phpgurukul-Teacher-Subject-Allocation-Management-System-1.0/CVE-2023-46025-phpgurukul-Teacher-Subject-Allocation-Management-System-1.0-SQL-Injection-Vulnerability.md at main · ersinerenler/phpgurukul-

SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the 'editid' parameter.

CVE-2023-46582: Code-Projects-Inventory-Management-1.0/CVE-2023-46582-Code-Projects-Inventory-Management-1.0-SQL-Injection-Vulnerability.md at main · ersinerenler/Code-Projects-Inventory-Management-1.0

SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary SQL commands via the id parameter in the deleteProduct.php component.

CVE-2023-46024: PHPGurukul-Teacher-Subject-Allocation-Management-System-1.0/CVE-2023-46024-phpgurukul-Teacher-Subject-Allocation-Management-System-1.0-SQL-Injection-Vulnerability.md at main · ersinerenler/PHPGurukul-

SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter.

CVE-2023-46023: Code-Projects-Simple-Task-List-1.0/CVE-2023-46023-Code-Projects-Simple-Task-List-1.0-SQL-Injection-Vulnerability.md at main · ersinerenler/Code-Projects-Simple-Task-List-1.0

SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter.