Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-03-19 CVE-2023-26905 SQL Injection vulnerability in Alphaware - Simple E-Commerce System Project Alphaware - Simple E-Commerce System 1.0
An issue was discovered in Alphaware - Simple E-Commerce System v1.0.
network
low complexity
alphaware-simple-e-commerce-system-project CWE-89
critical
9.8
2023-03-19 CVE-2023-1495 SQL Injection vulnerability in Ruifang-Tech Rebuild
A vulnerability classified as critical was found in Rebuild up to 3.2.3.
network
low complexity
ruifang-tech CWE-89
8.8
2023-03-17 CVE-2023-1152 SQL Injection vulnerability in Utarit Persolus
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies Persolus allows SQL Injection. This issue affects Persolus: before 2.03.93.
network
low complexity
utarit CWE-89
critical
9.8
2023-03-16 CVE-2023-27041 SQL Injection vulnerability in School Registration and FEE System Project School Registration and FEE System 1.0
School Registration and Fee System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bilal final/edit_user.php.
network
low complexity
school-registration-and-fee-system-project CWE-89
critical
9.8
2023-03-16 CVE-2023-27037 SQL Injection vulnerability in Qibosoft Qibocms V7
Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php.
network
low complexity
qibosoft CWE-89
8.8
2023-03-16 CVE-2023-27707 SQL Injection vulnerability in Dedecms
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint.
network
low complexity
dedecms CWE-89
7.2
2023-03-16 CVE-2023-27709 SQL Injection vulnerability in Dedecms
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint.
network
low complexity
dedecms CWE-89
7.2
2023-03-16 CVE-2023-27250 SQL Injection vulnerability in Online Book Store Project Online Book Store Project 1.0
Online Book Store Project v1.0 is vulnerable to SQL Injection via /bookstore/bookPerPub.php.
network
low complexity
online-book-store-project-project CWE-89
critical
9.8
2023-03-16 CVE-2023-26784 SQL Injection vulnerability in Tosec Kirin Fortress Machine 1.720200610
SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020-0610 allows attackers to execute arbitrary code via the /admin.php?controller=admin_commonuser parameter.
network
low complexity
tosec CWE-89
critical
9.8
2023-03-15 CVE-2023-24726 SQL Injection vulnerability in PHPgurukul ART Gallery Management System 1.0
Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page.
network
low complexity
phpgurukul CWE-89
critical
9.8