Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-31 | CVE-2023-31171 | SQL Injection vulnerability in Selinc Sel-5030 Acselerator Quickset 7.1.3.0: An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. | 6.5 |
2023-08-31 | CVE-2023-41636 | SQL Injection vulnerability in Grupposcai Realgimm 1.1.37: A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query. | 9.8 |
2023-08-31 | CVE-2023-41640 | SQL Injection vulnerability in Grupposcai Realgimm 1.1.37: An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query. | 8.8 |
2023-08-30 | CVE-2023-31714 | SQL Injection vulnerability in Waqaskanju Chitor-Cms: Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities. | 9.8 |
2023-08-30 | CVE-2023-41539 | SQL Injection vulnerability in PHPjabbers Business Directory Script 3.2: phpjabbers Business Directory Script 3.2 is vulnerable to SQL Injection via the column parameter. | 7.5 |
2023-08-29 | CVE-2021-3262 | SQL Injection vulnerability in Trispark Novusedu and VEO Transportation: TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. | 9.8 |
2023-08-29 | CVE-2023-40787 | SQL Injection vulnerability in Bladex Springblade 3.6.0: In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection. | 9.8 |
2023-08-28 | CVE-2023-39650 | SQL Injection vulnerability in Themevolty Theme Volty CMS Blog: Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single. | 9.8 |
2023-08-28 | CVE-2023-39652 | SQL Injection vulnerability in Themevolty Theme Volty Video TAB 4.0.0: theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run(). | 9.8 |
2023-08-28 | CVE-2023-39560 | SQL Injection vulnerability in Ectouch 2.0: ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php. | 9.8 |