Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-20 | CVE-2023-23489 | SQL Injection vulnerability in Sandhillsdev Easy Digital Downloads The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action. | 9.8 |
| 2023-01-20 | CVE-2021-26644 | SQL Injection vulnerability in Mangboard WP 2.0.3 SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. | 9.8 |
| 2023-01-20 | CVE-2023-20010 | SQL Injection vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. | 8.8 |
| 2023-01-19 | CVE-2022-46887 | SQL Injection vulnerability in Nexusphp 1.5 Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser[] parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php. | 9.8 |
| 2023-01-19 | CVE-2022-47740 | SQL Injection vulnerability in Seltmann-Webdesign Content Management System 6.0 Seltmann GmbH Content Management System 6 is vulnerable to SQL Injection via /index.php. | 9.8 |
| 2023-01-19 | CVE-2022-47745 | SQL Injection vulnerability in Easycorp Zentao ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. | 8.8 |
| 2023-01-19 | CVE-2022-47105 | SQL Injection vulnerability in Jeecg Boot 3.4.4 Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. | 9.8 |
| 2023-01-18 | CVE-2020-35326 | SQL Injection vulnerability in Inxedu 2.0.6 SQL Injection vulnerability in file /inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml in inxedu 2.0.6 via the id value. | 9.8 |
| 2023-01-17 | CVE-2017-20171 | SQL Injection vulnerability in Apersistence Project Apersistence A vulnerability classified as critical has been found in PrivateSky apersistence. | 9.8 |
| 2023-01-17 | CVE-2017-20170 | SQL Injection vulnerability in Parontalli Project Parontalli A vulnerability was found in ollpu parontalli. | 9.8 |