Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-02 | CVE-2022-44291 | SQL Injection vulnerability in Webtareas Project Webtareas 2.4 webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. | 9.8 |
| 2022-12-02 | CVE-2022-44945 | SQL Injection vulnerability in Rukovoditel 3.2.1 Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. | 9.8 |
| 2022-12-02 | CVE-2022-44277 | SQL Injection vulnerability in Sanitization Management System Project Sanitization Management System 1.0 Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product. | 7.2 |
| 2022-12-02 | CVE-2022-44345 | SQL Injection vulnerability in Sanitization Management System Project Sanitization Management System 1.0 Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=quotes/view_quote&id=. | 7.2 |
| 2022-12-02 | CVE-2022-44347 | SQL Injection vulnerability in Sanitization Management System Project Sanitization Management System 1.0 Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/view_inquiry&id=. | 7.2 |
| 2022-12-02 | CVE-2022-44348 | SQL Injection vulnerability in Sanitization Management System Project Sanitization Management System 1.0 Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_status.php?id=. | 7.2 |
| 2022-12-01 | CVE-2022-3710 | SQL Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0 A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA. | 2.7 |
| 2022-12-01 | CVE-2022-3711 | SQL Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0 A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA. | 4.3 |
| 2022-12-01 | CVE-2022-30528 | SQL Injection vulnerability in Isic.Lk Project Isic.Lk SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php. | 9.8 |
| 2022-11-30 | CVE-2022-44294 | SQL Injection vulnerability in Sanitization Management System Project Sanitization Management System 1.0 Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manage_service&id=. | 7.2 |