Vulmon
database vulnerabilities and exploits
CVSSv3: 9.8
CVE-2023-48434
Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the reg_action.php resource does not validate the characters received and they are sent unfiltered to the database.
Projectworlds Online Voting System Project 1.0
CVSSv3: 9.8
CVE-2023-47118
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue exists in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed b...
Clickhouse Clickhouse Cloud
Clickhouse Clickhouse
CVSSv3: 9.8
CVE-2023-5007
Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'id' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.
Kashipara Student Information System 1.0
CVSSv3: 9.8
CVE-2023-5010
Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.
Kashipara Student Information System 1.0
CVSSv3: 9.8
CVE-2023-5011
Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.
Kashipara Student Information System 1.0
CVSSv3: 9.8
CVE-2023-48384
ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete the database.
Armorxgt Spamtrap 8.15.2-2.872.088-1.90.027
CVSSv3: 9.8
CVE-2023-48372
ITPison OMICARD EDM's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete the database.
Itpison Omicard Edm 6.0.1.5
CVSSv3: 9.8
CVE-2023-47261
Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled.
Dokmee Enterprise Content Management 7.4.6
CVSSv3: 9.8
CVE-2023-49934
An issue exists in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1.
Schedmd Slurm 23.11
CVSSv3: 9.8
CVE-2023-5008
Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of the index.php page, allowing an external malicious user to dump all the contents of the database and bypass the login control.
Imsurajghosh Student Information System 1.0