Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-21 | CVE-2023-38190 | SQL Injection vulnerability in Superwebmailer 9.00.0.01710: An issue was discovered in SuperWebMailer 9.00.0.01710. | 8.8 |
2023-10-20 | CVE-2023-5681 | SQL Injection vulnerability in Netentsec Application Security Gateway 6.3: A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. | 7.2 |
2023-10-20 | CVE-2023-5682 | SQL Injection vulnerability in Tongda2000 Tongda Office Anywhere 2017: A vulnerability has been found in Tongda OA 2017 and classified as critical. | 9.8 |
2023-10-20 | CVE-2023-37824 | SQL Injection vulnerability in Sitolog Application Connect 7.8.A: Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php. | 9.8 |
2023-10-20 | CVE-2022-4290 | SQL Injection vulnerability in CYR to LAT Project CYR to LAT: The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_sanitize_title' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2023-10-20 | CVE-2023-4999 | SQL Injection vulnerability in Gopiplus Horizontal Scrolling Announcement 9.2: The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2023-10-20 | CVE-2023-4598 | SQL Injection vulnerability in Wp-Slimstat Slimstat Analytics: The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2023-10-19 | CVE-2023-45376 | SQL Injection vulnerability in Hipresta Carousels Pack 1.5.0: In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via `HiCpProductGetter::getViewedProduct()`. | 9.8 |
2023-10-19 | CVE-2023-43986 | SQL Injection vulnerability in Dmconcept Configurator 4.9.3: DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken. | 9.8 |
2023-10-19 | CVE-2023-45381 | SQL Injection vulnerability in Webshopworks Creativepopup 1.6.9: In the module "Creative Popup" (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection via `cp_download_popup()`. | 9.8 |