Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-09-19 | CVE-2023-2567 | SQL Injection vulnerability in Nozominetworks CMC and Guardian | A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality. Authenticated users may be able to execute arbitrary SQL statements on the DBMS used by the web application. | 8.8 |
2023-09-19 | CVE-2023-41387 | SQL Injection vulnerability in Patreon Flutter Downloader | A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. | 9.1 |
2023-09-19 | CVE-2021-26837 | SQL Injection vulnerability in Fortra Delivernow | SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information. | 9.8 |
2023-09-18 | CVE-2023-41443 | SQL Injection vulnerability in Xxyopen Novel-Plus 4.1.0 | SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sys/menu/list. | 7.2 |
2023-09-18 | CVE-2023-42359 | SQL Injection vulnerability in Exam Form Submission in PHP With Source Code Project Exam Form Submission in PHP With Source Code 1.0 | SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php. | 9.8 |
2023-09-15 | CVE-2023-39643 | SQL Injection vulnerability in Blmodules Xmlfeeds PRO 3.8.2 | Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds(). | 9.8 |
2023-09-15 | CVE-2023-39639 | SQL Injection vulnerability in Leotheme Leoblog 3.0.0/3.0.6/3.1.2 | LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the component LeoBlogBlog::getListBlogs. | 9.8 |
2023-09-15 | CVE-2023-39641 | SQL Injection vulnerability in Activedesign Full Affiliates | Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent(). | 9.8 |
2023-09-15 | CVE-2023-39642 | SQL Injection vulnerability in Carts.Guru Cartsguru 2.4.2 | Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::display(). | 9.8 |
2023-09-15 | CVE-2023-40955 | SQL Injection vulnerability in Didotech Engineering & Lifecycle Management 14.0/15.0/16.0 | A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/base_client.py component. | 8.8 |