Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-04-04 CVE-2020-20913 SQL Injection vulnerability in Mingsoft Mcms 4.7.2
SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter.
network
low complexity
mingsoft CWE-89
critical
 9.8
9.8
2023-04-04 CVE-2020-20914 SQL Injection vulnerability in Publiccms 4.0
SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter.
network
low complexity
publiccms CWE-89
critical
 9.8
9.8
2023-04-04 CVE-2020-20915 SQL Injection vulnerability in Publiccms 4.0
SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the the SysSiteAdminControl.
network
low complexity
publiccms CWE-89
critical
 9.8
9.8
2023-04-04 CVE-2020-21060 SQL Injection vulnerability in PHPmywind 5.6
SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page.
network
low complexity
phpmywind CWE-89
8.8
8.8
2023-04-04 CVE-2023-26750 SQL Injection vulnerability in Yiiframework YII
SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function.
network
low complexity
yiiframework CWE-89
critical
 9.8
9.8
2023-04-03 CVE-2022-38922 SQL Injection vulnerability in Iss-Oberlausitz Bluepage CMS 3.9
BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload.
network
low complexity
iss-oberlausitz CWE-89
critical
 9.8
9.8
2023-04-03 CVE-2022-38923 SQL Injection vulnerability in Iss-Oberlausitz Bluepage CMS 3.9
BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload.
network
low complexity
iss-oberlausitz CWE-89
critical
 9.8
9.8
2023-04-02 CVE-2023-1793 SQL Injection vulnerability in Police Crime Record Management System Project Police Crime Record Management System 1.0
A vulnerability was found in SourceCodester Police Crime Record Management System 1.0.
network
low complexity
police-crime-record-management-system-project CWE-89
critical
 9.8
9.8
2023-04-02 CVE-2023-1791 SQL Injection vulnerability in Simple Task Allocation System Project Simple Task Allocation System 1.0
A vulnerability has been found in SourceCodester Simple Task Allocation System 1.0 and classified as critical.
network
low complexity
simple-task-allocation-system-project CWE-89
critical
 9.8
9.8
2023-04-02 CVE-2023-1792 SQL Injection vulnerability in Simple Mobile Comparison Website Project Simple Mobile Comparison Website 1.0
A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0 and classified as critical.
network
low complexity
simple-mobile-comparison-website-project CWE-89
critical
 9.8
9.8