Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-21 | CVE-2023-42279 | SQL Injection vulnerability in Iteachyou Dreamer CMS 4.1.3 Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form. | 9.8 |
| 2023-09-21 | CVE-2023-34577 | SQL Injection vulnerability in Planned Popup Project Planned Popup 1.4.11 SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method. | 9.8 |
| 2023-09-21 | CVE-2023-43274 | SQL Injection vulnerability in PHPjabbers PHP Shopping Cart 4.2 Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter. | 7.5 |
| 2023-09-20 | CVE-2023-34575 | SQL Injection vulnerability in Op'Art Save Cart Project Op'Art Save Cart SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods. | 9.8 |
| 2023-09-20 | CVE-2023-39675 | SQL Injection vulnerability in Simpleimportproduct Project Simpleimportproduct 6.2.9 SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php. | 9.8 |
| 2023-09-20 | CVE-2023-43371 | SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5 Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php. | 9.8 |
| 2023-09-20 | CVE-2023-43373 | SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5 Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php. | 9.8 |
| 2023-09-20 | CVE-2023-43374 | SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5 Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. | 9.8 |
| 2023-09-20 | CVE-2023-43375 | SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5 Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters. | 9.8 |
| 2023-09-20 | CVE-2023-43377 | SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5 A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter. | 5.4 |