Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-09-25 CVE-2023-39640 SQL Injection vulnerability in Uplight Cookie LAW
UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList().
network
low complexity
uplight CWE-89
critical
 9.8
9.8
2023-09-25 CVE-2023-5152 SQL Injection vulnerability in Dlink Dar-8000 Firmware 100A53Dbr/20151231
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 and DAR-8000 up to 20151231.
network
low complexity
dlink CWE-89
6.5
6.5
2023-09-23 CVE-2023-43468 SQL Injection vulnerability in Online JOB Portal Project Online JOB Portal 2020
SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the login.php component.
network
low complexity
online-job-portal-project CWE-89
critical
 9.8
9.8
2023-09-23 CVE-2023-43469 SQL Injection vulnerability in Online JOB Portal Project Online JOB Portal 2020
SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the ForPass.php component.
network
low complexity
online-job-portal-project CWE-89
critical
 9.8
9.8
2023-09-23 CVE-2023-43470 SQL Injection vulnerability in Janobe Online Voting System 1.0
SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component.
network
low complexity
janobe CWE-89
critical
 9.8
9.8
2023-09-22 CVE-2023-40989 SQL Injection vulnerability in Jeecg Boot 3.0/3.5.3
SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.
network
low complexity
jeecg CWE-89
critical
 9.8
9.8
2023-09-22 CVE-2023-43144 SQL Injection vulnerability in Projectworlds Asset Management System Project in PHP 1.0
Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php.
network
low complexity
projectworlds CWE-89
critical
 9.8
9.8
2023-09-22 CVE-2023-31717 SQL Injection vulnerability in Frangoteam Fuxa
A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.
network
low complexity
frangoteam CWE-89
7.5
7.5
2023-09-22 CVE-2023-31719 SQL Injection vulnerability in Frangoteam Fuxa
FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.
network
low complexity
frangoteam CWE-89
critical
 9.8
9.8
2023-09-21 CVE-2023-34576 SQL Injection vulnerability in Opartfaq Project Opartfaq 1.0.3
SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector.
network
low complexity
opartfaq-project CWE-89
critical
 9.8
9.8