Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-11 | CVE-2021-29378 | SQL Injection vulnerability in Pearadmin Pear Admin Think 2.1.2: SQL Injection in pear-admin-think version 2.1.2 allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php. | 8.8 |
2023-08-11 | CVE-2023-39417 | SQL Injection vulnerability in multiple products: In the extension script, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). | 8.8 |
2023-08-11 | CVE-2023-3864 | SQL Injection vulnerability in Snowsoftware Snow License Manager 9.27/9.29/9.30: Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged-in user with high privileges to inject SQL commands via the web portal. | 7.2 |
2023-08-10 | CVE-2023-39805 | SQL Injection vulnerability in Idreamsoft Icms 7.0.16: iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php. | 9.8 |
2023-08-10 | CVE-2023-39806 | SQL Injection vulnerability in Idreamsoft Icms 7.0.16: iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function. | 9.8 |
2023-08-10 | CVE-2023-36311 | SQL Injection vulnerability in PHPjabbers Document Creator 1.0: There is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. | 9.8 |
2023-08-10 | CVE-2023-37069 | SQL Injection vulnerability in Online Hospital Management System Project Online Hospital Management System 1.0: Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. | 9.8 |
2023-08-09 | CVE-2023-37068 | SQL Injection vulnerability in Sherlock GYM Management System 1.0: Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. | 9.8 |
2023-08-09 | CVE-2022-48591 | SQL Injection vulnerability in Sciencelogic SL1: A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
2023-08-09 | CVE-2022-48592 | SQL Injection vulnerability in Sciencelogic SL1: A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |