Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-09-06 CVE-2023-4485 SQL Injection vulnerability in Ardereg Sistemas Scada 2.203
ARDEREG Sistema SCADA Central versions 2.203 and prior login page are vulnerable to an unauthenticated blind SQL injection attack.
network
low complexity
ardereg CWE-89
critical
9.8
2023-09-05 CVE-2023-41507 SQL Injection vulnerability in Superstorefinder Super Store Finder 3.6
Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters.
network
low complexity
superstorefinder CWE-89
critical
9.8
2023-09-05 CVE-2023-39654 SQL Injection vulnerability in Abuquant Abupy 0.4.0
abupy up to v0.4.0 was discovered to contain a SQL injection vulnerability via the component abupy.MarketBu.ABuSymbol.search_to_symbol_dict.
network
low complexity
abuquant CWE-89
critical
9.8
2023-09-05 CVE-2023-36361 SQL Injection vulnerability in Web-Audimex Audimexee 14.1.7
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.
network
low complexity
web-audimex CWE-89
critical
9.8
2023-09-02 CVE-2023-39980 SQL Injection vulnerability in Moxa Mxsecurity 1.0/1.0.1
A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1.
network
low complexity
moxa CWE-89
8.1
2023-09-01 CVE-2023-36076 SQL Injection vulnerability in Pocketmanga Smanga
SQL Injection vulnerability in smanga version 3.1.9 and earlier allows remote attackers to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in php/history/add.php.
network
low complexity
pocketmanga CWE-89
critical
9.8
2023-09-01 CVE-2023-39582 SQL Injection vulnerability in Chamilo LMS
SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions.
network
low complexity
chamilo CWE-89
4.9
2023-09-01 CVE-2023-40771 SQL Injection vulnerability in Dataease 1.18.9
SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function.
network
low complexity
dataease CWE-89
7.5
2023-09-01 CVE-2023-40970 SQL Injection vulnerability in Slims Senayan Library Management System 9.6.1
Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php.
network
low complexity
slims CWE-89
8.8
2023-09-01 CVE-2023-41364 SQL Injection vulnerability in Metaways Tine 2023.01.14.325
In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection.
network
low complexity
metaways CWE-89
critical
9.8