Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-22 | CVE-2024-23751 | SQL Injection vulnerability in Llamaindex. LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. | 9.8 |
2024-01-20 | CVE-2023-51927 | SQL Injection vulnerability in Yonyou Yonbip 323.05. YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method. | 9.8 |
2024-01-19 | CVE-2023-43985 | SQL Injection vulnerability in Sunnytoo Stblogsearch 1.0.0. SunnyToo stblogsearch up to v1.0.0 was discovered to contain a SQL injection vulnerability via the StBlogSearchClass::prepareSearch component. | 9.8 |
2024-01-19 | CVE-2023-46351 | SQL Injection vulnerability in Mypresta Manufacturers (Brands) Images Block. In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. | 9.8 |
2024-01-19 | CVE-2023-50028 | SQL Injection vulnerability in Prestashopmodules Sliding Cart Block. In the module "Sliding cart block" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection. | 9.8 |
2024-01-19 | CVE-2023-50030 | SQL Injection vulnerability in Joommasters Jmssetting. In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. | 9.8 |
2024-01-19 | CVE-2024-0705 | SQL Injection vulnerability in Webtoffee Stripe Payment Plugin for Woocommerce. The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2024-01-18 | CVE-2024-0651 | SQL Injection vulnerability in PHPgurukul Company Visitor Management System 1.0. A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. | 7.2 |
2024-01-17 | CVE-2023-20271 | SQL Injection vulnerability in Cisco Prime Infrastructure. A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 6.5 |
2024-01-17 | CVE-2023-5041 | SQL Injection vulnerability in Tracktheclick Track the Click. The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database. | 8.8 |