Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-02 | CVE-2023-31433 | SQL Injection vulnerability in Evasys 8.2/9.0 A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allows authenticated attackers to execute SQL statements via the welche parameter. | 8.8 |
2023-04-28 | CVE-2023-26781 | SQL Injection vulnerability in Chshcms Mccms 2.6 SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center -> Reader Comments -> Search. | 9.8 |
2023-04-28 | CVE-2023-26813 | SQL Injection vulnerability in Wang.Market Wangmarket CMS 4.10 SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tableView.do. | 9.8 |
2023-04-26 | CVE-2023-30211 | SQL Injection vulnerability in Ourphp OURPHP <= 7.2.0 is vulnerable to SQL Injection. | 9.8 |
2023-04-26 | CVE-2023-30112 | SQL Injection vulnerability in Medicine Tracker System Project Medicine Tracker System 1.0.0 Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection. | 7.5 |
2023-04-26 | CVE-2012-5872 | SQL Injection vulnerability in Arc2 Project Arc2 20111201 ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause. | 9.8 |
2023-04-26 | CVE-2023-27843 | SQL Injection vulnerability in ASK for a Quote Project ASK for a Quote SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allows a remote attacker to gain privileges via the QuotesProduct::deleteProduct component. | 9.8 |
2023-04-25 | CVE-2023-30839 | SQL Injection vulnerability in Prestashop PrestaShop is an Open Source e-commerce web application. | 8.8 |
2023-04-24 | CVE-2023-0388 | SQL Injection vulnerability in Random Text Project Random Text 0.3.0 The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers. | 8.8 |
2023-04-24 | CVE-2023-26865 | SQL Injection vulnerability in Brandsdistribution Bdroppy SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and before allowing a remote attacker to gain privileges via the BdroppyCronModuleFrontController::importProducts component. | 9.8 |