Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-09 | CVE-2022-48589 | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
| 2023-08-09 | CVE-2022-48590 | SQL Injection vulnerability in Sciencelogic SL1 A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. | 8.8 |
| 2023-08-09 | CVE-2023-34545 | SQL Injection vulnerability in Cskaza Cszcms 1.3.0 A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL. | 9.8 |
| 2023-08-09 | CVE-2023-22378 | SQL Injection vulnerability in Nozominetworks CMC and Guardian A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability. | 6.5 |
| 2023-08-09 | CVE-2023-23574 | SQL Injection vulnerability in Nozominetworks CMC and Guardian A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability. | 8.8 |
| 2023-08-08 | CVE-2023-38760 | SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. | 7.5 |
| 2023-08-08 | CVE-2023-38762 | SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. | 7.5 |
| 2023-08-08 | CVE-2023-38763 | SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. | 6.5 |
| 2023-08-08 | CVE-2023-38764 | SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. | 7.5 |
| 2023-08-08 | CVE-2023-38765 | SQL Injection vulnerability in Churchcrm 5.0.0 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php. | 7.5 |