Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-01-12 | CVE-2023-30014 | SQL Injection vulnerability in Oretnom23 Judging Management System 1.0 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_stat_update.php. | 9.8 |
2024-01-12 | CVE-2023-30015 | SQL Injection vulnerability in Oretnom23 Judging Management System 1.0 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in review_search.php. | 9.8 |
2024-01-12 | CVE-2023-30016 | SQL Injection vulnerability in Oretnom23 Judging Management System 1.0 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_details_edit.php. | 9.8 |
2024-01-11 | CVE-2023-6567 | SQL Injection vulnerability in Thimpress Learnpress | The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2024-01-10 | CVE-2023-52064 | SQL Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0 | Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php. | 9.8 |
2024-01-10 | CVE-2023-48253 | SQL Injection vulnerability in Bosch Nexo-Os 1000/1500Sp2 | The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accounts. | 8.8 |
2024-01-10 | CVE-2023-48259 | SQL Injection vulnerability in Bosch Nexo-Os 1000/1500Sp2 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. | 7.5 |
2024-01-10 | CVE-2023-48260 | SQL Injection vulnerability in Bosch Nexo-Os 1000/1500Sp2 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. | 7.5 |
2024-01-10 | CVE-2023-48261 | SQL Injection vulnerability in Bosch Nexo-Os 1000/1500Sp2 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. | 7.5 |
2024-01-10 | CVE-2020-26627 | SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0 | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab. | 4.9 |