Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-26 | CVE-2023-32529 | SQL Injection vulnerability in Trendmicro Apex Central 2019: Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32530. | 8.8 |
2023-06-26 | CVE-2023-32530 | SQL Injection vulnerability in Trendmicro Apex Central 2019: Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32529. | 8.8 |
2023-06-26 | CVE-2023-34418 | SQL Injection vulnerability in Lenovo Xclarity Administrator: A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API. | 8.1 |
2023-06-25 | CVE-2023-36663 | SQL Injection vulnerability in It-Novum Openitcockpit 4.6.4: it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface. | 8.8 |
2023-06-23 | CVE-2023-36284 | SQL Injection vulnerability in Webkul Qloapps 1.6.0: An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database. | 7.5 |
2023-06-22 | CVE-2023-35132 | SQL Injection vulnerability in Moodle: A limited SQL injection risk was identified on the Mnet SSO access control page. | 6.3 |
2023-06-22 | CVE-2023-34601 | SQL Injection vulnerability in Jeesite: Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml. | 9.8 |
2023-06-21 | CVE-2023-33584 | SQL Injection vulnerability in Enrollment System Project Enrollment System 1.0: Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. | 9.8 |
2023-06-20 | CVE-2020-20413 | SQL Injection vulnerability in Wuzhicms 4.1.0: SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php. | 9.8 |
2023-06-20 | CVE-2020-20491 | SQL Injection vulnerability in Opencart: SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php. | 7.2 |