Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-09-15 | CVE-2023-40956 | SQL Injection vulnerability in Cloudroits Website Job Search 15.0 | A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component. | 8.8 |
2023-09-15 | CVE-2023-40957 | SQL Injection vulnerability in Didotech Engineering & Lifecycle Management 14.0/15.0/16.0 | A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the request parameter in models/base_client.py component. | 8.8 |
2023-09-15 | CVE-2023-40958 | SQL Injection vulnerability in Didotech Engineering & Lifecycle Management 14.0/15.0/16.0 | A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/base_client.py component. | 8.8 |
2023-09-14 | CVE-2023-38891 | SQL Injection vulnerability in Vtiger CRM 7.5.0 | SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php. | 8.8 |
2023-09-14 | CVE-2023-42405 | SQL Injection vulnerability in Fit2Cloud Rackshift 1.7.1 | SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary code via the `sort` parameter to taskService.list(), bareMetalService.list(), and switchService.list(). | 9.8 |
2023-09-14 | CVE-2023-38912 | SQL Injection vulnerability in Superstorefinder PHP Script 3.6 | SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter. | 9.8 |
2023-09-14 | CVE-2023-42178 | SQL Injection vulnerability in Lenosp | Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module. | 6.5 |
2023-09-12 | CVE-2023-21521 | SQL Injection vulnerability in Blackberry Athoc 7.15 | An SQL Injection vulnerability in the Management Console (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. | 7.2 |
2023-09-11 | CVE-2023-35683 | SQL Injection vulnerability in Google Android | In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. | 5.5 |
2023-09-11 | CVE-2023-40944 | SQL Injection vulnerability in Schoolmate Project Schoolmate 1.3 | Schoolmate 1.3 is vulnerable to SQL Injection in the variable $schoolname from Database at ~\header.php. | 9.8 |