Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-12-15 CVE-2023-40954 SQL Injection vulnerability in Gmarczynski Dynamic Progress BAR
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v.
network
low complexity
gmarczynski CWE-89
critical
 9.8
9.8
2023-12-15 CVE-2023-48050 SQL Injection vulnerability in multiple products
SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v.
network
low complexity
camsbiometrics odoo CWE-89
critical
 9.8
9.8
2023-12-15 CVE-2023-48049 SQL Injection vulnerability in Cybrosys Website Blog Search 13.0/13.0.1.0.1
A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v.
network
low complexity
cybrosys CWE-89
critical
 9.8
9.8
2023-12-14 CVE-2023-44284 SQL Injection vulnerability in Dell products
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability.
network
low complexity
dell CWE-89
4.3
4.3
2023-12-14 CVE-2023-50073 SQL Injection vulnerability in Leadscloud Empirecms 7.5
EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php.
network
low complexity
leadscloud CWE-89
critical
 9.8
9.8
2023-12-14 CVE-2023-50563 SQL Injection vulnerability in Sem-Cms Semcms 4.8
Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php.
network
low complexity
sem-cms CWE-89
critical
 9.8
9.8
2023-12-14 CVE-2023-40629 SQL Injection vulnerability in King-Products LMS King Lite 1.0.0/3.3.01
SQLi vulnerability in LMS Lite component for Joomla.
network
low complexity
king-products CWE-89
critical
 9.8
9.8
2023-12-14 CVE-2023-46348 SQL Injection vulnerability in Sunnytoo Sturls
SQL njection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods.
network
low complexity
sunnytoo CWE-89
critical
 9.8
9.8
2023-12-14 CVE-2023-48925 SQL Injection vulnerability in Buy-Addons Bavideotab
SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run().
network
low complexity
buy-addons CWE-89
critical
 9.8
9.8
2023-12-14 CVE-2023-49707 SQL Injection vulnerability in Joomlart S5 Register 1.0.0/3.0.0
SQLi vulnerability in S5 Register module for Joomla.
network
low complexity
joomlart CWE-89
critical
 9.8
9.8