Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-02-15 CVE-2021-34117 SQL Injection vulnerability in Seopanel SEO Panel 4.9.0
SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information.
network
low complexity
seopanel CWE-89
7.5
7.5
2023-02-15 CVE-2021-38239 SQL Injection vulnerability in Dataease
SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10.
network
low complexity
dataease CWE-89
7.5
7.5
2023-02-15 CVE-2022-38867 SQL Injection vulnerability in Rttys Project Rttys 4.0.0/4.0.1/4.0.2
SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go, allows attackers to execute arbitrary code.
network
low complexity
rttys-project CWE-89
8.8
8.8
2023-02-15 CVE-2022-38868 SQL Injection vulnerability in Ehoney Project Ehoney 2.0.0
SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol.go and models/images.go, allows attackers to execute arbitrary code.
network
low complexity
ehoney-project CWE-89
7.2
7.2
2023-02-15 CVE-2023-23459 SQL Injection vulnerability in Priority-Software Priority 19.1.0.68/22.0
Priority Windows may allow Command Execution via SQL Injection using an unspecified method.
network
low complexity
priority-software CWE-89
critical
 9.8
9.8
2023-02-13 CVE-2022-45962 SQL Injection vulnerability in Os4Ed Opensis 7.3/7.6/8.0
Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php.
network
low complexity
os4ed CWE-89
6.5
6.5
2023-02-13 CVE-2023-24084 SQL Injection vulnerability in Chikoi Project Chikoi 1.0
ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function.
network
low complexity
chikoi-project CWE-89
critical
 9.8
9.8
2023-02-13 CVE-2023-24647 SQL Injection vulnerability in Online Food Ordering System Project Online Food Ordering System 2.0
Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter. 		7.5
7.5
2023-02-13 CVE-2023-23948 SQL Injection vulnerability in Owncloud
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders.
local
low complexity
owncloud CWE-89
5.5
5.5
2023-02-13 CVE-2022-4546 SQL Injection vulnerability in Conceptbeans Mapwiz 1.0.1
The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
network
low complexity
conceptbeans CWE-89
7.2
7.2