Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-01-19 CVE-2022-23046 SQL Injection vulnerability in PHPipam 1.4.4
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL statements via the "subnet" parameter when searching for a subnet through app/admin/routing/edit-bgp-mapping-search.php.
network
low complexity
phpipam CWE-89
6.5
2022-01-19 CVE-2021-46204 SQL Injection vulnerability in Taogogo Taocms 3.0.2
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.
network
low complexity
taogogo CWE-89
7.5
2022-01-17 CVE-2022-0258 SQL Injection vulnerability in Pimcore
Pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command.
network
low complexity
pimcore CWE-89
6.5
2022-01-17 CVE-2021-25037 SQL Injection vulnerability in Aioseo ALL in ONE SEO
The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords).
network
low complexity
aioseo CWE-89
4.0
2022-01-14 CVE-2021-45406 SQL Injection vulnerability in Salonerp Project Salonerp 3.0.1
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject a payload into the SQL query through the 'sql' parameter while generating a report.
network
low complexity
salonerp-project CWE-89
6.5
2022-01-14 CVE-2022-0224 SQL Injection vulnerability in Dolibarr
Dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command.
network
low complexity
dolibarr CWE-89
7.5
2022-01-14 CVE-2022-22055 SQL Injection vulnerability in Le-Yan Dental Management System Project Le-Yan Dental Management System 2.8.5
The Le-yan dental management system contains an SQL-injection vulnerability.
network
low complexity
le-yan-dental-management-system-project CWE-89
critical
10.0
2022-01-11 CVE-2021-43971 SQL Injection vulnerability in Sysaid 20.4.74
A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter.
network
low complexity
sysaid CWE-89
6.5
2022-01-11 CVE-2020-28102 SQL Injection vulnerability in Chshcms Cscms 4.1
cscms v4.1 allows for SQL injection via the "js_del" function.
network
low complexity
chshcms CWE-89
7.5
2022-01-11 CVE-2020-28103 SQL Injection vulnerability in Chshcms Cscms 4.1
cscms v4.1 allows for SQL injection via the "page_del" function.
network
low complexity
chshcms CWE-89
7.5