Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-22223

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 Nov, 2021 | 22:46
Updated At-04 Aug, 2024 | 14:51
Rejected At-
Credits

Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 Nov, 2021 | 22:46
Updated At:04 Aug, 2024 | 14:51
Rejected At:
▼CVE Numbering Authority (CNA)

Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://pastebin.com/cZFwMb5F
x_refsource_MISC
Hyperlink: https://pastebin.com/cZFwMb5F
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://pastebin.com/cZFwMb5F
x_refsource_MISC
x_transferred
Hyperlink: https://pastebin.com/cZFwMb5F
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:05 Nov, 2021 | 23:15
Updated At:09 Nov, 2021 | 14:39

Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
PHPJabbers Ltd.
phpjabbers
>>fundraising_script>>1.0
cpe:2.3:a:phpjabbers:fundraising_script:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://pastebin.com/cZFwMb5Fcve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://pastebin.com/cZFwMb5F
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

9477Records found
CVE-2023-40748
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-26.46% / 96.12%
||
7 Day CHG~0.00%
Published-28 Aug, 2023 | 00:00
Updated-02 Oct, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) vulnerability in the "q" parameter of index.php.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-food_delivery_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-40749
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-26.46% / 96.12%
||
7 Day CHG~0.00%
Published-28 Aug, 2023 | 00:00
Updated-02 Oct, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the "column" parameter of index.php.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-food_delivery_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-10015
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.02% / 76.23%
||
7 Day CHG~0.00%
Published-13 Jan, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-event_booking_calendarn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-36311
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 20.66%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 00:00
Updated-09 Oct, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-document_creatorn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-22225
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.61%
||
7 Day CHG~0.00%
Published-05 Nov, 2021 | 22:46
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-fundraising_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-22226
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.61%
||
7 Day CHG~0.00%
Published-05 Nov, 2021 | 22:46
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-fundraising_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-57430
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.44%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 00:00
Updated-24 Jun, 2025 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-cinema_booking_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-40760
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.01%
||
7 Day CHG~0.00%
Published-28 Aug, 2023 | 00:00
Updated-02 Oct, 2024 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-hotel_booking_systemn/a
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2023-40762
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.01%
||
7 Day CHG~0.00%
Published-28 Aug, 2023 | 00:00
Updated-02 Oct, 2024 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-fundraising_scriptn/a
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2023-40761
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.01%
||
7 Day CHG~0.00%
Published-28 Aug, 2023 | 00:00
Updated-02 Oct, 2024 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-yacht_listing_scriptn/a
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2023-40759
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.01%
||
7 Day CHG~0.00%
Published-28 Aug, 2023 | 00:00
Updated-02 Oct, 2024 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-restaurant_booking_scriptn/a
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2023-40765
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.45%
||
7 Day CHG~0.00%
Published-28 Aug, 2023 | 00:00
Updated-02 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-event_booking_calendarn/a
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2023-36139
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.34% / 55.82%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 00:00
Updated-17 Oct, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-cleaning_business_softwaren/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-36140
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 18.77%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 00:00
Updated-26 Sep, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-cleaning_business_softwaren/a
CWE ID-CWE-862
Missing Authorization
CVE-2023-40767
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.45%
||
7 Day CHG~0.00%
Published-28 Aug, 2023 | 00:00
Updated-02 Oct, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-make_an_offer_widgetn/a
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2023-33562
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.01%
||
7 Day CHG~0.00%
Published-01 Aug, 2023 | 00:00
Updated-21 Oct, 2024 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

User enumeration is found in in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-time_slots_booking_calendarn/a
CVE-2023-33561
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.45%
||
7 Day CHG~0.00%
Published-01 Aug, 2023 | 00:00
Updated-21 Oct, 2024 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-time_slots_booking_calendarn/a
CVE-2023-40756
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.01%
||
7 Day CHG~0.00%
Published-28 Aug, 2023 | 00:00
Updated-02 Oct, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-callback_widgetn/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-40763
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 53.88%
||
7 Day CHG~0.00%
Published-28 Aug, 2023 | 00:00
Updated-02 Oct, 2024 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-taxi_booking_scriptn/a
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2023-40758
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.01%
||
7 Day CHG~0.00%
Published-28 Aug, 2023 | 00:00
Updated-02 Oct, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-document_creatorn/a
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2023-40757
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.01%
||
7 Day CHG~0.00%
Published-28 Aug, 2023 | 00:00
Updated-02 Oct, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-food_delivery_scriptn/a
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2023-40764
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.45%
||
7 Day CHG~0.00%
Published-28 Aug, 2023 | 00:00
Updated-02 Oct, 2024 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-car_rental_scriptn/a
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2023-40766
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.45%
||
7 Day CHG~0.00%
Published-28 Aug, 2023 | 00:00
Updated-02 Oct, 2024 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

User enumeration is found in in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-ticket_support_scriptn/a
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2023-39776
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 30.82%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 00:00
Updated-09 Oct, 2024 | 19:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-ticket_support_scriptn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-36132
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.01%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 00:00
Updated-17 Oct, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-availability_booking_calendarn/a
CVE-2023-36131
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.01%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 00:00
Updated-17 Oct, 2024 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-availability_booking_calendarn/a
CVE-2023-36134
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.32% / 54.25%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 00:00
Updated-17 Oct, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-class_scheduling_systemn/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-36133
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.01%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 00:00
Updated-17 Oct, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-availability_booking_calendarn/a
CVE-2023-41539
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.43%
||
7 Day CHG~0.00%
Published-30 Aug, 2023 | 00:00
Updated-01 Oct, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

phpjabbers Business Directory Script 3.2 is vulnerable to SQL Injection via the column parameter.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-business_directory_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-43274
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.43%
||
7 Day CHG~0.00%
Published-21 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-php_shopping_cartn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-2714
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.94%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to execute arbitrary SQL commands via the album parameter.

Action-Not Available
Vendor-tcwonlinen/a
Product-tcw_php_albumn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-2926
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.76%
||
7 Day CHG~0.00%
Published-30 Jul, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in sNews 1.7 allows remote attackers to execute arbitrary SQL commands via the category parameter.

Action-Not Available
Vendor-solucijan/a
Product-snewsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-5062
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.32% / 79.07%
||
7 Day CHG~0.00%
Published-23 Nov, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in search.php in MH Products kleinanzeigenmarkt allows remote attackers to execute arbitrary SQL commands via the c parameter.

Action-Not Available
Vendor-mh_productsn/a
Product-kleinanzeigenmarktn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-2609
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.42% / 79.79%
||
7 Day CHG~0.00%
Published-01 Jul, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in show_search_result.php in 2daybiz Job Search Engine Script allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

Action-Not Available
Vendor-2daybizn/a
Product-job_search_engine_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-2616
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.29%
||
7 Day CHG~0.00%
Published-01 Jul, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in bible.php in PHP Bible Search, probably 0.99, allows remote attackers to execute arbitrary SQL commands via the chapter parameter.

Action-Not Available
Vendor-paul_mceneryn/a
Product-php_bible_searchn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-3428
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.54%
||
7 Day CHG~0.00%
Published-16 Sep, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action.

Action-Not Available
Vendor-intermeshn/a
Product-group-officen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-2299
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.3||HIGH
EPSS-1.30% / 78.92%
||
7 Day CHG~0.00%
Published-22 Apr, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-ecavan/a
Product-integraxorn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-3989
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.72%
||
7 Day CHG~0.00%
Published-04 Nov, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in DBD::mysqlPP 0.04 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-hiroyuki_oyaman/a
Product-dbd\n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-1061
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.23%
||
7 Day CHG~0.00%
Published-22 Feb, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the time parameter.

Action-Not Available
Vendor-webmastersiten/a
Product-wsn_guestn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4559
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 77.03%
||
7 Day CHG~0.00%
Published-28 Nov, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.

Action-Not Available
Vendor-vtigern/a
Product-vtiger_crmn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-3458
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.18%
||
7 Day CHG~0.00%
Published-17 Sep, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-getsymphonyn/a
Product-symphonyn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-3485
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.12%
||
7 Day CHG~0.00%
Published-22 Sep, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-lightneasyn/a
Product-lightneasyn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4671
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.78% / 72.63%
||
7 Day CHG~0.00%
Published-02 Dec, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).

Action-Not Available
Vendor-adrotatepluginn/aWordPress.org
Product-wordpressadrotaten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4847
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.49%
||
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to execute arbitrary SQL commands via a certificateslist cookie to notification@/.

Action-Not Available
Vendor-n/aParallels International GmbhMicrosoft Corporation
Product-windows_server_2008parallels_plesk_panelwindows_2003_servern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4803
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.83% / 73.56%
||
7 Day CHG~0.00%
Published-14 Dec, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-bravenewcoden/aWordPress.org
Product-wordpresswptouchn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-2032
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 41.77%
||
7 Day CHG~0.00%
Published-27 Jun, 2023 | 13:17
Updated-27 Nov, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Custom 404 Pro < 3.8.1 - Multiple SQL Injection

The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities.

Action-Not Available
Vendor-kunalnagarUnknown
Product-custom_404_proCustom 404 Pro
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-4999
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.51% / 87.16%
||
7 Day CHG~0.00%
Published-05 Aug, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_enterprise_brms_platformdashbuilderjboss_bpm_suiten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4026
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.53%
||
7 Day CHG~0.00%
Published-21 Oct, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-xia_zuojien/a
Product-nexusphpn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-2925
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.71%
||
7 Day CHG~0.00%
Published-30 Jul, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 allows remote attackers to execute arbitrary SQL commands via the ecPath parameter.

Action-Not Available
Vendor-openfreewayn/a
Product-freewayn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4763
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.91%
||
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by Wizard/Edit/Html and certain other files.

Action-Not Available
Vendor-n/aParallels International Gmbh
Product-parallels_plesk_small_business_paneln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 189
  • 190
  • Next
Details not found