Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-16 | CVE-2023-2655 | SQL Injection vulnerability in Web-Dorado Contact Form Maker: The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | 7.2 |
2024-01-16 | CVE-2023-3211 | SQL Injection vulnerability in Dmparekh Wordpress Database Administrator: The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | 9.8 |
2024-01-16 | CVE-2023-6373 | SQL Injection vulnerability in Artplacer Widget: The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize and escape the "id" parameter before submitting the query, leading to a SQLI exploitable by editors and above. | 8.8 |
2024-01-16 | CVE-2023-47460 | SQL Injection vulnerability in Knovos Discovery 22.67.0: SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component. | 8.8 |
2024-01-16 | CVE-2023-51810 | SQL Injection vulnerability in Stackideas Easydiscuss: SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users module. | 7.5 |
2024-01-15 | CVE-2023-6620 | SQL Injection vulnerability in Wpexperts Post Smtp Mailer: The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin. | 7.2 |
2024-01-13 | CVE-2024-0498 | SQL Injection vulnerability in Yugeshverma Online Lawyer Management System 1.0: A vulnerability was found in Project Worlds Lawyer Management System 1.0. | 9.8 |
2024-01-13 | CVE-2024-0489 | SQL Injection vulnerability in Code-Projects Fighting Cock Information System 1.0: A vulnerability was found in code-projects Fighting Cock Information System 1.0. | 9.8 |
2024-01-13 | CVE-2023-51805 | SQL Injection vulnerability in Tduckcloud Tduck-Platform 4.0: SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of FormDataMysqlService.java file. | 6.5 |
2024-01-12 | CVE-2023-51978 | SQL Injection vulnerability in PHPgurukul ART Gallery Management System 1.1: In PHPGurukul Art Gallery Management System v1.1, the "imageid" parameter of the "Update Artist Image" functionality is vulnerable to SQL Injection. | 6.5 |