Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-24 | CVE-2023-23331 | SQL Injection vulnerability in Amano Xoffice 7.1.3879 Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injection. | 9.8 |
| 2023-01-23 | CVE-2023-22630 | SQL Injection vulnerability in Izybat Orange Casiers 202209161 IzyBat Orange casiers before 20221102_1 allows SQL Injection via a getCasier.php?taille= URI. | 4.3 |
| 2023-01-23 | CVE-2022-4230 | SQL Injection vulnerability in Veronalabs WP Statistics The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. | 8.8 |
| 2023-01-20 | CVE-2020-21152 | SQL Injection vulnerability in Inxedu 2.0.6 SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execute arbitrary commands via the functionIds parameter to /saverolefunction. | 9.8 |
| 2023-01-20 | CVE-2020-29297 | SQL Injection vulnerability in Online Food Ordering System Project Online Food Ordering System 1.0 Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0. | 9.8 |
| 2023-01-20 | CVE-2022-48120 | SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0/20210313/4.0 SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php. | 9.8 |
| 2023-01-20 | CVE-2022-48152 | SQL Injection vulnerability in Remoteclinic Remote Clinic 2.0 SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to execute arbitrary commands and gain sensitive information via the id parameter to /medicines/profile.php. | 9.8 |
| 2023-01-20 | CVE-2023-23490 | SQL Injection vulnerability in Ays-Pro Survey Maker The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action. | 8.8 |
| 2023-01-20 | CVE-2023-23492 | SQL Injection vulnerability in Idehweb Login With Phone Number The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action. | 8.8 |
| 2023-01-20 | CVE-2023-23488 | SQL Injection vulnerability in Strangerstudios Paid Memberships PRO The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route. | 9.8 |