Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-04-03 CVE-2024-2879 SQL Injection vulnerability in Layerslider 7.10.0/7.9.11
The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
layerslider CWE-89
7.5
2024-03-29 CVE-2023-6191 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egehan Security WebPDKS allows SQL Injection. This issue affects WebPDKS: through 20240329. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
network
low complexity
CWE-89
critical
9.8
2024-03-27 CVE-2023-6173 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeoSOFT Software TeoBASE allows SQL Injection. This issue affects TeoBASE: through 27032024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
network
low complexity
CWE-89
critical
9.8
2024-03-25 CVE-2024-2865 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection. This issue affects Quality Management System: through 25032024.
network
low complexity
CWE-89
critical
9.8
2024-03-12 CVE-2023-48788 SQL Injection vulnerability in Fortinet Forticlient Enterprise Management Server
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets.
network
low complexity
fortinet CWE-89
critical
9.8
2024-03-08 CVE-2024-21901 SQL Injection vulnerability in Qnap QTS
A SQL injection vulnerability has been reported to affect myQNAPcloud.
network
low complexity
qnap CWE-89
4.7
2024-02-19 CVE-2024-1597 SQL Injection vulnerability in multiple products
pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE.
network
low complexity
postgresql fedoraproject CWE-89
critical
9.8
2024-02-15 CVE-2023-5155 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection. This issue affects SoliPay Mobile App: before 5.0.8.
network
low complexity
CWE-89
critical
9.8
2024-02-15 CVE-2023-7081 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSIL Online Payment System allows SQL Injection. This issue affects Online Payment System: before 14.02.2024.
network
low complexity
CWE-89
critical
9.8
2024-02-15 CVE-2024-1530 SQL Injection vulnerability in Shopex Ecshop 4.1.8
A vulnerability, which was classified as critical, has been found in ECshop 4.1.8.
network
low complexity
shopex CWE-89
8.8