Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-01-05 CVE-2022-43523 SQL Injection vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator
Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance.
network
low complexity
arubanetworks CWE-89
8.8
2023-01-05 CVE-2022-43530 SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance.
network
low complexity
arubanetworks CWE-89
8.8
2023-01-05 CVE-2022-43531 SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance.
network
low complexity
arubanetworks CWE-89
8.8
2023-01-04 CVE-2022-22338 SQL Injection vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
critical
9.8
2023-01-03 CVE-2022-38627 SQL Injection vulnerability in Niceforyou Linear Emerge E3 Access Control Firmware
Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection vulnerability via the idt parameter.
network
low complexity
niceforyou CWE-89
critical
9.8
2023-01-03 CVE-2022-4871 SQL Injection vulnerability in Nflpick-Em
A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x.
network
low complexity
nflpick-em CWE-89
7.2
2023-01-02 CVE-2022-4059 SQL Injection vulnerability in Blocksera Cryptocurrency Widgets Pack 1.8.1
The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
network
low complexity
blocksera CWE-89
critical
9.8
2023-01-02 CVE-2022-4360 SQL Injection vulnerability in WP RSS BY Publishers Project WP RSS BY Publishers
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
network
low complexity
wp-rss-by-publishers-project CWE-89
7.2
2023-01-01 CVE-2022-34324 SQL Injection vulnerability in Sage XRT Business Exchange 12.4.302
Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History.
network
low complexity
sage CWE-89
8.8
2022-12-30 CVE-2022-4860 SQL Injection vulnerability in Kbase Metrics
A vulnerability was found in KBase Metrics.
network
low complexity
kbase CWE-89
critical
9.8