Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-05 | CVE-2023-50027 | SQL Injection vulnerability in Buy-Addons Bazoom Magnifier: SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() method. | 9.8 |
2024-01-03 | CVE-2023-6981 | SQL Injection vulnerability in Veronalabs WP SMS: The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 4.9 |
2024-01-02 | CVE-2020-26623 | SQL Injection vulnerability in Gilacms Gila CMS: SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal. | 3.8 |
2024-01-02 | CVE-2020-26624 | SQL Injection vulnerability in Gilacms Gila CMS: A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal. | 3.8 |
2024-01-02 | CVE-2020-26625 | SQL Injection vulnerability in Gilacms Gila CMS: A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal. | 3.8 |
2023-12-31 | CVE-2023-7188 | SQL Injection vulnerability in Fahuo100 1.1: A vulnerability classified as critical has been found in Shipping 100 Fahuo100 up to 1.1. | 8.1 |
2023-12-30 | CVE-2023-50589 | SQL Injection vulnerability in Embras Geosiap ERP 2.2.167.02: Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL injection vulnerability via the codLogin parameter on the login page. | 9.8 |
2023-12-30 | CVE-2023-7179 | SQL Injection vulnerability in Online College Library System Project Online College Library System 1.0: A vulnerability, which was classified as critical, was found in Campcodes Online College Library System 1.0. | 8.8 |
2023-12-30 | CVE-2023-50578 | SQL Injection vulnerability in Mingsoft Mcms 5.2.9: Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do. | 9.8 |
2023-12-30 | CVE-2023-41542 | SQL Injection vulnerability in Jeecg Boot: SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component. | 9.8 |