Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-08 | CVE-2021-40814 | SQL Injection vulnerability in Mypresta Customer Photo Gallery The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulnerable to SQL injection. | 7.5 |
| 2021-09-08 | CVE-2020-19853 | SQL Injection vulnerability in Bluecms Project Bluecms 1.6 BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php. | 7.5 |
| 2021-09-07 | CVE-2021-38706 | SQL Injection vulnerability in Cliniccases 7.3.3 messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter. | 6.5 |
| 2021-09-07 | CVE-2020-7819 | SQL Injection vulnerability in Ntracker USB Enterprise A SQL-Injection vulnerability in the nTracker USB Enterprise(secure USB management solution) allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. | 5.0 |
| 2021-09-07 | CVE-2021-38840 | SQL Injection vulnerability in Simple Water Refilling Station Management System Project Simple Water Refilling Station Management System 1.0 SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username parameter. | 7.5 |
| 2021-09-06 | CVE-2021-24303 | SQL Injection vulnerability in Jiangqie Official Website Mini Program 1.0/1.0.5/1.1.0 The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues | 6.5 |
| 2021-09-06 | CVE-2021-24390 | SQL Injection vulnerability in Alipay Project Alipay A proid GET parameter of the WordPress支付�Alipay|财付通Tenpay|��PayPal集��件 WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection. | 6.5 |
| 2021-09-06 | CVE-2021-24391 | SQL Injection vulnerability in Cashtomer Project Cashtomer 1.0.0 An editid GET parameter of the Cashtomer WordPress plugin through 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | 6.5 |
| 2021-09-06 | CVE-2021-24392 | SQL Injection vulnerability in Swiftcrm Club-Management-Software An id GET parameter of the WordPress Membership SwiftCloud.io WordPress plugin through 1.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | 6.5 |
| 2021-09-06 | CVE-2021-24393 | SQL Injection vulnerability in Comment Highlighter Project Comment Highlighter 0.13 A c GET parameter of the Comment Highlighter WordPress plugin through 0.13 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | 6.5 |