Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-14 | CVE-2023-49708 | SQL Injection vulnerability in Joomstar Starshop 1.0.0/1.0.9: SQLi vulnerability in Starshop component for Joomla. | 9.8 |
2023-12-14 | CVE-2023-25651 | SQL Injection vulnerability in ZTE Mf286R Firmware and Mf833U1 Firmware: There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak. | 8.0 |
2023-12-14 | CVE-2023-48084 | SQL Injection vulnerability in Nagios XI: Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool. | 9.8 |
2023-12-14 | CVE-2023-49934 | SQL Injection vulnerability in Schedmd Slurm 23.11: An issue was discovered in SchedMD Slurm 23.11.x. | 9.8 |
2023-12-14 | CVE-2023-40921 | SQL Injection vulnerability in Common-Services Soliberte 4.0.0: SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters. | 9.8 |
2023-12-13 | CVE-2023-49363 | SQL Injection vulnerability in Rockoa: Rockoa <2.3.3 is vulnerable to SQL Injection. | 9.8 |
2023-12-13 | CVE-2023-45800 | SQL Injection vulnerability in Hanbiro Groupware 3.8.79: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation. This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1. | 7.5 |
2023-12-12 | CVE-2023-41623 | SQL Injection vulnerability in Emlog 2.1.14: Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php. | 7.2 |
2023-12-12 | CVE-2023-36652 | SQL Injection vulnerability in Prolion Cryptospike 3.0.15: A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter. | 4.3 |
2023-12-11 | CVE-2023-6035 | SQL Injection vulnerability in Spider-Themes Eazydocs: The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks. | 8.8 |