Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-45111

Summary
Assigner-Fluid Attacks
Assigner Org ID-84fe0718-d6bb-4716-a7e8-81a6d1daa869
Published At-02 Nov, 2023 | 01:42
Updated At-05 Sep, 2024 | 19:17
Rejected At-
Credits

Online Examination System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Fluid Attacks
Assigner Org ID:84fe0718-d6bb-4716-a7e8-81a6d1daa869
Published At:02 Nov, 2023 | 01:42
Updated At:05 Sep, 2024 | 19:17
Rejected At:
▼CVE Numbering Authority (CNA)
Online Examination System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database.

Affected Products
Vendor
ProjectworldsProjectworlds Pvt. Limited
Product
Online Examination System
Default Status
unaffected
Versions
Affected
  • 1.0
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type: CWE
CWE ID: CWE-89
Description: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-66CAPEC-66 SQL Injection
CAPEC ID: CAPEC-66
Description: CAPEC-66 SQL Injection
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://fluidattacks.com/advisories/pires
third-party-advisory
https://projectworlds.in/
N/A
Hyperlink: https://fluidattacks.com/advisories/pires
Resource:
third-party-advisory
Hyperlink: https://projectworlds.in/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://fluidattacks.com/advisories/pires
third-party-advisory
x_transferred
https://projectworlds.in/
x_transferred
Hyperlink: https://fluidattacks.com/advisories/pires
Resource:
third-party-advisory
x_transferred
Hyperlink: https://projectworlds.in/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:help@fluidattacks.com
Published At:02 Nov, 2023 | 02:15
Updated At:08 Nov, 2023 | 23:14

Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
razormist
online_examination_system_project
>>online_examination_system>>1.0
cpe:2.3:a:online_examination_system_project:online_examination_system:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primaryhelp@fluidattacks.com
CWE ID: CWE-89
Type: Primary
Source: help@fluidattacks.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://fluidattacks.com/advisories/pireshelp@fluidattacks.com
Exploit
Third Party Advisory
https://projectworlds.in/help@fluidattacks.com
Product
Hyperlink: https://fluidattacks.com/advisories/pires
Source: help@fluidattacks.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://projectworlds.in/
Source: help@fluidattacks.com
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

4972Records found
CVE-2023-48434
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 21.38%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 20:29
Updated-13 Sep, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Voting System Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the reg_action.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_voting_system_projectOnline Voting System Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48716
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.57%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 20:53
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-student_result_management_systemStudent Result Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48687
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.57%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 20:42
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Railway Reservation System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-railway_reservation_systemRailway Reservation System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48720
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.57%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 21:00
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-PHPGurukul LLPProjectworlds
Product-student_result_management_systemStudent Result Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48722
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.57%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 21:06
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-PHPGurukul LLPProjectworlds
Product-student_result_management_systemStudent Result Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48433
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 22.06%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 20:28
Updated-02 Aug, 2024 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Voting System Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the login_action.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_voting_system_projectOnline Voting System Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48718
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.14%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 20:57
Updated-27 Nov, 2024 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-PHPGurukul LLPProjectworlds
Product-student_result_management_systemStudent Result Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48685
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.57%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 20:11
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Railway Reservation System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-railway_reservation_systemRailway Reservation System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48689
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.57%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 20:46
Updated-23 Apr, 2025 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Railway Reservation System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-railway_reservation_systemRailway Reservation System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-46788
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 21:01
Updated-17 Sep, 2024 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter in the 'uploadphoto()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_matrimonial_projectOnline Matrimonial Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-46793
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 21:10
Updated-17 Sep, 2024 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'day' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_matrimonial_projectOnline Matrimonial Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-46787
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 20:59
Updated-17 Sep, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_matrimonial_projectOnline Matrimonial Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-46677
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 20:35
Updated-12 Sep, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname' parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_job_portalOnline Job Portal
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-46789
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 35.53%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 21:02
Updated-17 Sep, 2024 | 13:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_matrimonial_projectOnline Matrimonial Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-46785
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 20:57
Updated-17 Sep, 2024 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partner_preference.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_matrimonial_projectOnline Matrimonial Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-46679
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 20:37
Updated-12 Sep, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname_email' parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_job_portalOnline Job Portal
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-46800
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 21:19
Updated-04 Sep, 2024 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the view_profile.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_matrimonial_projectOnline Matrimonial Projectonline_matrimonial_project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45347
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.74%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 14:04
Updated-12 Sep, 2024 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_scriptOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45344
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.74%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:57
Updated-17 Sep, 2024 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45323
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.74%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:08
Updated-17 Sep, 2024 | 13:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45342
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.39%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:47
Updated-02 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45345
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.74%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 14:02
Updated-12 Sep, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_scriptOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45340
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.39%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:38
Updated-02 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45325
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.74%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:12
Updated-17 Sep, 2024 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45019
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.74%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 02:19
Updated-05 Sep, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-online_bus_booking_system_projectonline_bus_booking_system_projectProjectworlds
Product-online_bus_booking_systemOnline Bus Booking Systemonline_bus_booking_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45343
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.39%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:59
Updated-02 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticket_id' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45341
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.39%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:58
Updated-12 Jun, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45012
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.74%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 02:11
Updated-04 Sep, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user_email' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-online_bus_booking_system_projectProjectworlds
Product-online_bus_booking_systemOnline Bus Booking System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45018
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.74%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 02:17
Updated-05 Sep, 2024 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-online_bus_booking_system_projectonline_bus_booking_system_projectProjectworlds
Product-online_bus_booking_systemOnline Bus Booking Systemonline_bus_booking_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45334
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.74%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:24
Updated-17 Sep, 2024 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45336
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.39%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:26
Updated-02 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_systemOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45015
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.74%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 02:14
Updated-04 Sep, 2024 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'date' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-online_bus_booking_system_projectProjectworlds
Product-online_bus_booking_systemOnline Bus Booking System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45338
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.74%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 14:01
Updated-12 Sep, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_scriptOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45346
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.74%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 14:03
Updated-12 Sep, 2024 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_food_ordering_scriptOnline Food Ordering System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-44267
Matching Score-10
Assigner-Fluid Attacks
ShareView Details
Matching Score-10
Assigner-Fluid Attacks
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.39%
||
7 Day CHG~0.00%
Published-26 Oct, 2023 | 19:14
Updated-09 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Art Gallery v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_art_galleryOnline Art Gallery
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2945
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 21.88%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 03:00
Updated-21 Feb, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Examination System updateExaminee.php sql injection

A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258036.

Action-Not Available
Vendor-CampCodesrazormist
Product-online_examination_systemOnline Examination Systemonline_examination_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45121
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.15%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 16:23
Updated-19 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_examination_systemOnline Examination System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45115
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.16%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 15:36
Updated-21 May, 2025 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the /update.php?q=addqns resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_examination_systemOnline Examination System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45117
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.79%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 15:47
Updated-19 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_examination_systemOnline Examination System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45116
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.12% / 30.91%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 15:42
Updated-19 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_examination_systemOnline Examination Systemonline_examination_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45120
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.12% / 30.91%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 16:21
Updated-19 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_examination_systemOnline Examination System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45119
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.15%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 16:03
Updated-19 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_examination_systemOnline Examination System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-45118
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.16%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 15:51
Updated-19 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-online_examination_systemOnline Examination System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-44482
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.01%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 18:59
Updated-27 Nov, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Leave Management System Project v1.0 - Multiple Authenticated SQL Injections (SQLi)

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-leave_management_systemLeave Management System Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-44480
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.19%
||
7 Day CHG~0.00%
Published-27 Oct, 2023 | 20:52
Updated-09 Sep, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Leave Management System Project v1.0 - Multiple Authenticated SQL Injections (SQLi)

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-leave_management_systemLeave Management System Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-44481
Matching Score-6
Assigner-Fluid Attacks
ShareView Details
Matching Score-6
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.01%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 18:58
Updated-12 Sep, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Leave Management System Project v1.0 - Multiple Authenticated SQL Injections (SQLi)

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.

Action-Not Available
Vendor-Projectworlds
Product-leave_management_systemLeave Management System Project
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-22818
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 22.82%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 00:00
Updated-05 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.

Action-Not Available
Vendor-mkcms_projectn/a
Product-mkcmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-30058
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 21.07%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 00:00
Updated-26 Sep, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

novel-plus 3.6.2 is vulnerable to SQL Injection.

Action-Not Available
Vendor-n/axxyopen (Novel Plus)
Product-novel-plusn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-29629
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 73.09%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 00:00
Updated-31 Jan, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PrestaShop jmsthemelayout 2.5.5 is vulnerable to SQL Injection via ajax_jmsvermegamenu.php.

Action-Not Available
Vendor-jmsthemelayout_projectn/a
Product-jmsthemelayoutn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-39887
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-4.3||MEDIUM
EPSS-45.77% / 97.53%
||
7 Day CHG-7.72%
Published-16 Jul, 2024 | 09:20
Updated-13 Feb, 2025 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions

An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new configuration key named DISALLOWED_SQL_FUNCTIONS has been introduced. This key disallows the use of the following PostgreSQL functions: version, query_to_xml, inet_server_addr, and inet_client_addr. Additional functions can be added to this list for increased protection. This issue affects Apache Superset: before 4.0.2. Users are recommended to upgrade to version 4.0.2, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-supersetApache Superset
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 99
  • 100
  • Next
Details not found