Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-02-03 CVE-2021-37316 SQL Injection vulnerability in Asus Rt-Ac68U Firmware
SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow.
network
low complexity
asus CWE-89
7.5
7.5
2023-02-03 CVE-2021-37497 SQL Injection vulnerability in Pbootcms 3.0.5
SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request.
network
low complexity
pbootcms CWE-89
critical
 9.8
9.8
2023-02-02 CVE-2022-48114 SQL Injection vulnerability in Ruoyi
RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable.
network
low complexity
ruoyi CWE-89
critical
 9.8
9.8
2023-02-02 CVE-2022-48082 SQL Injection vulnerability in Easyone CRM 5.50.02
Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnerability via the text parameter at /Services/Misc.asmx/SearchTag.
network
low complexity
easyone CWE-89
critical
 9.8
9.8
2023-02-02 CVE-2022-46965 SQL Injection vulnerability in 202-Ecommerce Administrative Mandate 1.7.1
PrestaShop module, totadministrativemandate before v1.7.1 was discovered to contain a SQL injection vulnerability.
network
low complexity
202-ecommerce CWE-89
8.8
8.8
2023-02-01 CVE-2022-47770 SQL Injection vulnerability in Serinf Fast Checkin 1.0
Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection.
network
low complexity
serinf CWE-89
critical
 9.8
9.8
2023-02-01 CVE-2023-24241 SQL Injection vulnerability in Forget Heart Message BOX Project Forget Heart Message BOX 1.1
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php.
network
low complexity
forget-heart-message-box-project CWE-89
critical
 9.8
9.8
2023-02-01 CVE-2023-24956 SQL Injection vulnerability in Forget Heart Message BOX Project Forget Heart Message BOX 1.1
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php.
network
low complexity
forget-heart-message-box-project CWE-89
8.8
8.8
2023-01-31 CVE-2022-45297 SQL Injection vulnerability in EQ Project EQ
EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter.
network
low complexity
eq-project CWE-89
critical
 9.8
9.8
2023-01-31 CVE-2022-47780 SQL Injection vulnerability in Bangresto Project Bangresto 1.0
SQL Injection vulnerability in Bangresto 1.0 via the itemID parameter.
network
low complexity
bangresto-project CWE-89
critical
 9.8
9.8