Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-24 | CVE-2022-30025 | SQL Injection vulnerability in Credenceanalytics Ideal - Wealth and Funds 1.0 SQL injection in "/Framewrk/Home.jsp" file (POST method) in tCredence Analytics iDEAL Wealth and Funds - 1.0 iallows authenticated remote attackers to inject payload via "v" parameter. | 6.5 |
| 2023-05-24 | CVE-2023-33945 | SQL Injection vulnerability in Liferay Digital Experience Platform and Liferay Portal SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. | 8.1 |
| 2023-05-23 | CVE-2023-31752 | SQL Injection vulnerability in Oretnom23 Employee and Visitor Gate Pass Logging System 1.0 SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php. | 9.8 |
| 2023-05-23 | CVE-2023-33361 | SQL Injection vulnerability in Piwigo 13.6.0 Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php. | 9.8 |
| 2023-05-23 | CVE-2023-33362 | SQL Injection vulnerability in Piwigo 13.6.0 Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function. | 9.8 |
| 2023-05-23 | CVE-2023-33338 | SQL Injection vulnerability in PHPgurukul OLD AGE Home Management System 1.0 Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter. | 9.8 |
| 2023-05-19 | CVE-2023-31707 | SQL Injection vulnerability in Sem-Cms Semcms 1.5 SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php. | 9.8 |
| 2023-05-18 | CVE-2023-20110 | SQL Injection vulnerability in Cisco Smart Software Manager On-Prem A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 6.5 |
| 2023-05-18 | CVE-2023-29985 | SQL Injection vulnerability in Oretnom23 Student Study Center Desk Management System 1.0 Sourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.php#date_from has a SQL Injection vulnerability. | 9.8 |
| 2023-05-17 | CVE-2023-27233 | SQL Injection vulnerability in Piwigo Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php. | 8.8 |