Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2023-08-03 | CVE-2023-33666 | SQL Injection vulnerability in Ai-Dev Aioptimizedcombinations | critical 9.8
ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.
network, low complexity, ai-dev, CWE-89

2023-08-03 | CVE-2023-39121 | SQL Injection vulnerability in Emlog 2.1.9 | 7.2
emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php.
network, low complexity, emlog, CWE-89

2023-08-03 | CVE-2023-36213 | SQL Injection vulnerability in Motocms 3.4.3 | critical 9.8
SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function.
network, low complexity, motocms, CWE-89

2023-08-03 | CVE-2023-33366 | SQL Injection vulnerability in Supremainc Biostar 2 | 8.8
A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands.
network, low complexity, supremainc, CWE-89

2023-08-03 | CVE-2023-21412 | SQL Injection vulnerability in Axis License Plate Verifier 2.8.3 | 8.8
User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections.
network, low complexity, axis, CWE-89

2023-08-03 | CVE-2023-38954 | SQL Injection vulnerability in Zkteco Bioaccess IVS 3.3.1 | critical 9.8
ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability.
network, low complexity, zkteco, CWE-89

2023-08-02 | CVE-2023-26439 | SQL Injection vulnerability in Open-Xchange Appsuite Office 7.8.3 | 7.8
The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement.
local, low complexity, open-xchange, CWE-89

2023-08-02 | CVE-2023-26440 | SQL Injection vulnerability in Open-Xchange Appsuite Office 7.8.3 | 7.8
The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups.
local, low complexity, open-xchange, CWE-89

2023-08-02 | CVE-2023-26443 | SQL Injection vulnerability in Open-Xchange Appsuite Backend | critical 9.8
Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements.
network, low complexity, open-xchange, CWE-89

2023-08-01 | CVE-2023-37772 | SQL Injection vulnerability in PHPgurukul Online Shopping Portal 3.1 | 8.8
Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php.
network, low complexity, phpgurukul, CWE-89