Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-07 | CVE-2023-5761 | SQL Injection vulnerability in Burst-Statistics Burst Statistics: The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'url' parameter in versions 1.4.0 to 1.4.6.1 (free) and versions 1.4.0 to 1.5.0 (pro) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2023-12-06 | CVE-2023-46353 | SQL Injection vulnerability in Mypresta Product TAG Icons PRO: In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. | 9.8 |
2023-12-04 | CVE-2023-5108 | SQL Injection vulnerability in Alphabpo Easy Newsletter Signups 1.0.4: The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 7.2 |
2023-12-04 | CVE-2023-6063 | SQL Injection vulnerability in Wpfastestcache WP Fastest Cache: The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. | 7.5 |
2023-12-04 | CVE-2023-48863 | SQL Injection vulnerability in Sem-Cms Semcms 3.9: SEMCMS 3.9 is vulnerable to SQL Injection. | 7.5 |
2023-12-01 | CVE-2023-48813 | SQL Injection vulnerability in Slims Senayan Library Management System Bulian 9.6.1: Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. | 8.8 |
2023-12-01 | CVE-2023-48893 | SQL Injection vulnerability in Slims Senayan Library Management System Bulian 9.6.1: SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate. | 8.8 |
2023-12-01 | CVE-2023-49371 | SQL Injection vulnerability in Ruoyi: RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. | 9.8 |
2023-12-01 | CVE-2023-48016 | SQL Injection vulnerability in PHPgurukul Restaurant Table Booking System 1.0: Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter. | 7.5 |
2023-11-30 | CVE-2023-46956 | SQL Injection vulnerability in Oretnom23 Packers and Movers Management System 1.0: SQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker to execute arbitrary code via crafted payload to the /mpms/admin/?page=user/manage_user&id file. | 7.2 |