Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-06-16 CVE-2023-35708 SQL Injection vulnerability in Progress Moveit Transfer
In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database.
network
low complexity
progress CWE-89
critical
 9.8
9.8
2023-06-15 CVE-2023-2080 SQL Injection vulnerability in Forcepoint Email Security and web Security
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection.
network
low complexity
forcepoint CWE-89
critical
 9.8
9.8
2023-06-15 CVE-2023-31672 SQL Injection vulnerability in Prestashop
In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (ailinear) there is a SQL injection vulnerability.
network
low complexity
prestashop CWE-89
critical
 9.8
9.8
2023-06-15 CVE-2023-34626 SQL Injection vulnerability in Piwigo
Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function.
network
low complexity
piwigo CWE-89
4.3
4.3
2023-06-14 CVE-2023-30150 SQL Injection vulnerability in Leotheme Leocustomajax 1.0.0
PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.
network
low complexity
leotheme CWE-89
critical
 9.8
9.8
2023-06-14 CVE-2023-31671 SQL Injection vulnerability in Webbax Postfinance 17.1.13
PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via PostfinanceValidationModuleFrontController::postProcess().
network
low complexity
webbax CWE-89
critical
 9.8
9.8
2023-06-14 CVE-2023-34750 SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit.
network
low complexity
bloofox CWE-89
critical
 9.8
9.8
2023-06-14 CVE-2023-34751 SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.
network
low complexity
bloofox CWE-89
critical
 9.8
9.8
2023-06-14 CVE-2023-34752 SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.
network
low complexity
bloofox CWE-89
critical
 9.8
9.8
2023-06-14 CVE-2023-34753 SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.
network
low complexity
bloofox CWE-89
critical
 9.8
9.8