Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-28 | CVE-2023-46989 | SQL Injection vulnerability in Innovadeluxe Quick Order SQL Injection vulnerability in the Innovadeluxe Quick Order module for PrestaShop before v.1.4.0, allows local attackers to execute arbitrary code via the getProducts() function in the productlist.php file. | 7.8 |
2023-12-26 | CVE-2023-52096 | SQL Injection vulnerability in Steve-Community Ocpp-Jaxb SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000). | 7.5 |
2023-12-26 | CVE-2023-5203 | SQL Injection vulnerability in Swit WP Sessions Time Monitoring Full Automatic The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique. | 7.5 |
2023-12-26 | CVE-2023-5645 | SQL Injection vulnerability in Wpvibes WP Mail LOG The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. | 8.8 |
2023-12-26 | CVE-2023-5674 | SQL Injection vulnerability in Wpvibes WP Mail LOG The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. | 8.8 |
2023-12-25 | CVE-2023-49954 | SQL Injection vulnerability in 3CX The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address. | 9.8 |
2023-12-25 | CVE-2022-39822 | SQL Injection vulnerability in Nokia Network Functions Manager for Transport 19.9 In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. | 8.8 |
2023-12-25 | CVE-2023-7097 | SQL Injection vulnerability in Fabianros Water Billing System 1.0 A vulnerability classified as critical has been found in code-projects Water Billing System 1.0. | 9.8 |
2023-12-22 | CVE-2022-47532 | SQL Injection vulnerability in Filerun 20220519 FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users&section=cpanel&page=list request. | 9.8 |
2023-12-21 | CVE-2023-45117 | SQL Injection vulnerability in Projectworlds Online Examination System 1.0 Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 |