Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-10-04 CVE-2023-4037 SQL Injection vulnerability in Setelsa-Security Conacwin 3.7.1.2
Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter.
local
low complexity
setelsa-security CWE-89
5.5
5.5
2023-10-03 CVE-2023-39647 SQL Injection vulnerability in Themevolty Theme Volty CMS Category Product 4.0.1
Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop.
network
low complexity
themevolty CWE-89
critical
 9.8
9.8
2023-10-03 CVE-2023-39646 SQL Injection vulnerability in Themevolty Theme Volty CMS Category Chain Slider 4.0.1
Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop.
network
low complexity
themevolty CWE-89
critical
 9.8
9.8
2023-10-03 CVE-2023-39648 SQL Injection vulnerability in Themevolty Theme Volty CMS Testimonial 4.0.1
Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop.
network
low complexity
themevolty CWE-89
critical
 9.8
9.8
2023-10-03 CVE-2023-39649 SQL Injection vulnerability in Themevolty Theme Volty CMS Category Slider 4.0.1
Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop.
network
low complexity
themevolty CWE-89
critical
 9.8
9.8
2023-10-03 CVE-2023-39651 SQL Injection vulnerability in Themevolty Theme Volty CMS Brandlist 4.0.1
Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.
network
low complexity
themevolty CWE-89
critical
 9.8
9.8
2023-10-03 CVE-2023-39645 SQL Injection vulnerability in Themevolty CMS Payment Icon 4.0.1
Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop.
network
low complexity
themevolty CWE-89
critical
 9.8
9.8
2023-10-03 CVE-2023-2681 SQL Injection vulnerability in Jorani 1.0.0
An SQL Injection vulnerability has been found on Jorani version 1.0.0.
network
low complexity
jorani CWE-89
8.8
8.8
2023-10-03 CVE-2023-4098 SQL Injection vulnerability in Qsige 3.0.0.0
It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure.
network
low complexity
qsige CWE-89
8.8
8.8
2023-10-03 CVE-2023-4102 SQL Injection vulnerability in Qsige 3.0.0.0
QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so.
network
low complexity
qsige CWE-89
8.8
8.8