Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
database vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-46700
SQL injection vulnerability in LuxCal Web Calendar before 5.2.4M (MySQL version) and LuxCal Web Calendar before 5.2.4L (SQLite version) allows a remote unauthenticated malicious user to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information...
Luxsoft Luxcal Web Calendar
9.8
CVSSv3
CVE-2023-46785
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partner_preference.php resource does not validate the characters received and they are sent unfiltered to the database.
Projectworlds Online Matrimonial Project 1.0
9.8
CVSSv3
CVE-2023-42283
Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 allows malicious user to access and dump the database via a crafted SQL query.
Tyk Tyk 5.0.3
1 Github repository
9.8
CVSSv3
CVE-2023-42284
Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows malicious user to access and dump the database via a crafted SQL query.
Tyk Tyk 5.0.3
1 Github repository
9.8
CVSSv3
CVE-2023-38547
A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.
Veeam One 12.0.1.2591
Veeam One 12.0.0.2498
Veeam One 11.0.0.1379
Veeam One 11.0.1.1880
1 Article
9.8
CVSSv3
CVE-2023-45338
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database.
Projectworlds Online Food Ordering Script 1.0
9.8
CVSSv3
CVE-2023-45345
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.
Projectworlds Online Food Ordering Script 1.0
9.8
CVSSv3
CVE-2023-45346
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.
Projectworlds Online Food Ordering Script 1.0
9.8
CVSSv3
CVE-2023-45347
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.
Projectworlds Online Food Ordering Script 1.0
9.8
CVSSv3
CVE-2023-45323
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database.
Projectworlds Online Food Ordering System 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »