Skip to main content
CVE-2023-50445 HIGH POC Act Now

Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Gl Mt1300 Firmware Gl Mt300N V2 Firmware Gl Ar750S Firmware +9
NVD GitHub
CVSS 3.1
7.8
EPSS
9.1%
CVE-2023-46987 HIGH POC This Week

SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Seacms
NVD VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-7138 HIGH POC This Week

A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Client Details System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-7137 HIGH POC THREAT This Week

A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Client Details System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
17.0%
CVE-2023-7129 HIGH POC This Week

A vulnerability, which was classified as critical, was found in code-projects Voting System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Voting System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-7128 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in code-projects Voting System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Voting System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-7126 HIGH POC This Week

A vulnerability classified as critical has been found in code-projects Automated Voting System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Automated Voting System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-50038 HIGH POC This Week

There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Textpattern
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-50692 HIGH POC This Week

File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Jizhicms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-49230 HIGH POC This Week

An issue was discovered in Peplink Balance Two before 8.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Balance Two Firmware
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-52152 HIGH POC This Week

mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds read and application crash because it lacks a certain host length recalculation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Mupnp For C
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-51006 HIGH POC This Week

An issue in the openFile method of Chinese Perpetual Calendar v9.0.0 allows attackers to read any file via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Chinese Perpetual Calendar
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-50842 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Matthew Fries MF Gig Calendar.2.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Mf Gig Calendar
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2023-50841 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems BookingPress - Appointment Booking Calendar Plugin and Online Scheduling. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Bookingpress
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2023-50840 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop, oplugins Booking Manager.1.5. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Booking Manager
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2023-32795 HIGH This Week

Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons.1.3. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Product Addons
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-46989 HIGH PATCH This Week

SQL Injection vulnerability in the Innovadeluxe Quick Order module for PrestaShop before v.1.4.0, allows local attackers to execute arbitrary code via the getProducts() function in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE PHP SQLi Quick Order
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-50838 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms - Ultimate Form Builder - Contact forms and much more.5.5. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Nex Forms
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-50847 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Welcart E Commerce
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-50846 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic - Custom Registration Forms, User Registration, Payment, and. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Registrationmagic
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-50845 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory - WordPress Business Directory. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Geodirectory
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-50844 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in James Ward Mail logging - WP Mail Catcher.1.3. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wp Mail Catcher
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-50843 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Clockwork Clockwork SMS Notfications.0.4. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Clockwork Sms Notfications
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-50855 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sam Perrow Pre* Party Resource Hints.8.18. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Pre Party Resource Hints
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-50854 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack squirrly-seo-pack allows SQL Injection.4.02. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-50853 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Advanced Form Integration - Connect WooCommerce and Contact Form 7 to Google Sheets. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google SQLi Advanced Form Integration
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-50852 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt.4.3. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Bookit
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-50851 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N Squared Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin.6.6.1. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Simply Schedule Appointments
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-50849 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf - Export To Pdf Tool for WordPress.20.23. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi E2pdf
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-50848 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aaron J 404 Solution.34.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi 404 Solution
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-50857 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Funnelkit Automations
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-50856 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit - Customize WooCommerce Checkout Pages,. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Funnel Builder
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-32513 HIGH This Week

Deserialization of Untrusted Data vulnerability in GiveWP GiveWP - Donation Plugin and Fundraising Platform.25.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Givewp
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-51501 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS.8.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Uncode
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy