Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-08-16 CVE-2023-33663 SQL Injection vulnerability in Ai-Dev Aicustomfee
In the module “Customization fields fee for your store” (aicustomfee) from ai-dev for PrestaShop, an attacker can perform SQL injection in versions up to 0.2.0.
network
low complexity
ai-dev CWE-89
critical
9.8
2023-08-15 CVE-2023-39850 SQL Injection vulnerability in Schoolmate Project Schoolmate 1.3
Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php.
network
low complexity
schoolmate-project CWE-89
critical
9.8
2023-08-15 CVE-2023-39851 SQL Injection vulnerability in Webchess Project Webchess 1.0
webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php.
network
low complexity
webchess-project CWE-89
critical
9.8
2023-08-15 CVE-2023-39852 SQL Injection vulnerability in Doctor Appointment System Project Doctor Appointment System 1.0
Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php.
network
low complexity
doctor-appointment-system-project CWE-89
critical
9.8
2023-08-15 CVE-2023-38916 SQL Injection vulnerability in Mohammad-Ajazuddin Evotingsystem-PHP 1.0
SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields.
network
low complexity
mohammad-ajazuddin CWE-89
8.8
2023-08-14 CVE-2023-39292 SQL Injection vulnerability in Mitel products
A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations.
network
low complexity
mitel CWE-89
critical
9.8
2023-08-14 CVE-2023-37847 SQL Injection vulnerability in Novel-Plus 3.6.2
novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability.
network
low complexity
novel-plus CWE-89
critical
9.8
2023-08-11 CVE-2020-24950 SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.9
SQL Injection vulnerability in the file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9 allows remote attackers to execute arbitrary code via the col parameter to the function list_items.
network
low complexity
thedaylightstudio CWE-89
8.8
2023-08-11 CVE-2020-36034 SQL Injection vulnerability in School Faculty Scheduling System Project School Faculty Scheduling System 1.0
SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0 allows a remote attacker to execute arbitrary code, escalate privileges, and gain sensitive information via a crafted payload to the id parameter in manage_user.php.
network
low complexity
school-faculty-scheduling-system-project CWE-89
critical
9.8
2023-08-11 CVE-2020-36136 SQL Injection vulnerability in Cskaza Cszcms 1.2.9
SQL Injection vulnerability in cskaza cszcms version 1.2.9 allows attackers to gain sensitive information via the pm_sendmail parameter in csz_model.php.
network
low complexity
cskaza CWE-89
7.5