Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-17 | CVE-2023-44694 | SQL Injection vulnerability in Dlink Dar-7000 Firmware V31R02B1413C D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /log/mailrecvview.php. | 9.8 |
2023-10-17 | CVE-2023-34210 | SQL Injection vulnerability in Easyuse Mailhunter Ultimate 2020/2023 SQL Injection in create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter. | 8.8 |
2023-10-17 | CVE-2023-45375 | SQL Injection vulnerability in 01Generator Pireospay 1.7.9 In the module "PireosPay" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via `PireosPayValidationModuleFrontController::postProcess()`. | 8.8 |
2023-10-17 | CVE-2023-45386 | SQL Injection vulnerability in Mypresta Product Extra Tabs PRO In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabspro::searchmanufacturer()`. | 9.8 |
2023-10-16 | CVE-2023-40852 | SQL Injection vulnerability in User Registration & Login and User Management System With Admin Panel Project User Registration & Login and User Management System With Admin Panel 3.0 SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via a crafted string in the admin user name field on the admin login page. | 9.8 |
2023-10-16 | CVE-2023-4776 | SQL Injection vulnerability in Igexsolutions Wpschoolpress The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and does not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers. | 8.8 |
2023-10-15 | CVE-2023-5587 | SQL Injection vulnerability in Free Hospital Management System for Small Practices Project Free Hospital Management System for Small Practices 1.0 A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0 and classified as critical. | 9.8 |
2023-10-14 | CVE-2023-30154 | SQL Injection vulnerability in Shoprunners Aftermail Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php` via the 'id_product' parameter in hooks DisplayRightColumnProduct and DisplayProductButtons. | 9.8 |
2023-10-13 | CVE-2023-34976 | SQL Injection vulnerability in Qnap Video Station A SQL injection vulnerability has been reported to affect Video Station. | 8.8 |
2023-10-13 | CVE-2023-45162 | SQL Injection vulnerability in 1E Platform Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue: for v8.1.2 apply hotfix Q23166; for v8.4.1 apply hotfix Q23164; for v9.0.1 apply hotfix Q23169. SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. | 9.8 |