Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-17 | CVE-2023-23007 | SQL Injection vulnerability in Ecisp Espcms P8.21120101 An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added. | 7.2 |
| 2023-02-17 | CVE-2020-29168 | SQL Injection vulnerability in Online Doctor Appointment Booking System PHP and Mysql Project Online Doctor Appointment Booking System PHP and Mysql 1.0 SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint. network low complexity online-doctor-appointment-booking-system-php-and-mysql-project CWE-89 critical | 9.8 |
| 2023-02-17 | CVE-2022-40032 | SQL Injection vulnerability in Simple Task Managing System Project Simple Task Managing System 1.0 SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information. | 9.8 |
| 2023-02-17 | CVE-2022-40347 | SQL Injection vulnerability in Intern Record System Project Intern Record System 1.0 SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information. | 9.8 |
| 2023-02-17 | CVE-2023-24219 | SQL Injection vulnerability in Luckyframe Luckyframeweb 3.5 LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml. | 9.8 |
| 2023-02-17 | CVE-2023-24220 | SQL Injection vulnerability in Luckyframe Luckyframeweb 3.5 LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml. | 9.8 |
| 2023-02-17 | CVE-2023-24221 | SQL Injection vulnerability in Luckyframe Luckyframeweb 3.5 LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml. | 9.8 |
| 2023-02-15 | CVE-2020-21119 | SQL Injection vulnerability in Kliqqi CMS 2.0.2 SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_module_widgets.php in recordIDValue parameter, allows attackers to gain escalated privileges and execute arbitrary code. | 9.8 |
| 2023-02-15 | CVE-2020-21120 | SQL Injection vulnerability in Uqcms 2.1.3 SQL Injection vulnerability in file home\controls\cart.class.php in UQCMS 2.1.3, allows attackers execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num. | 9.8 |
| 2023-02-15 | CVE-2021-33925 | SQL Injection vulnerability in Cms-Corephp Project Cms-Corephp 20210519 SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escilated privledges via a crafted login. | 9.8 |