Vulnerabilities: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-07-18 | CVE-2023-30153 | SQL Injection vulnerability in Prestashop Payplug | An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller. | 9.8 |
2023-07-18 | CVE-2021-37522 | SQL Injection vulnerability in Locke-Bot Project Locke-Bot 2.0.2 | SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote attackers to run arbitrary SQL commands via crafted string to /src/db.js, /commands/mute.js, /modules/event/messageDelete.js. | 9.8 |
2023-07-18 | CVE-2023-28019 | SQL Injection vulnerability in Hcltech Bigfix Webui | Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. | 8.8 |
2023-07-18 | CVE-2023-3743 | SQL Injection vulnerability in Leothemes AP Page Builder | Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the product_one_img parameter to retrieve the information stored in the database. | 7.5 |
2023-07-17 | CVE-2023-2636 | SQL Injection vulnerability in AN Gradebook Project AN Gradebook | The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. | 8.8 |
2023-07-16 | CVE-2023-3687 | SQL Injection vulnerability in Bylancer Quickvcard 2.1 | A vulnerability was found in Bylancer QuickVCard 2.1. | 9.8 |
2023-07-13 | CVE-2023-30151 | SQL Injection vulnerability in Prestashop | A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter. | 9.8 |
2023-07-13 | CVE-2023-34133 | SQL Injection vulnerability in Sonicwall Analytics and Global Management System | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. | 7.5 |
2023-07-12 | CVE-2023-3644 | SQL Injection vulnerability in Oretnom23 Service Provider Management System 1.0 | A vulnerability was found in SourceCodester Service Provider Management System 1.0. | 9.8 |
2023-07-12 | CVE-2023-37628 | SQL Injection vulnerability in Simple Online Piggery Management System Project Simple Online Piggery Management System 1.0 | Online Piggery Management System 1.0 is vulnerable to SQL Injection. | 9.8 |