Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-16 | CVE-2022-4012 | SQL Injection vulnerability in Hospital Management Center Project Hospital Management Center: A vulnerability classified as critical has been found in Hospital Management Center. | 9.8 |
2022-11-16 | CVE-2022-4015 | SQL Injection vulnerability in Sports Club Management System Project Sports Club Management System 119: A vulnerability, which was classified as critical, was found in Sports Club Management System 119. | 9.8 |
2022-11-15 | CVE-2022-43279 | SQL Injection vulnerability in Limesurvey 5.4.4: LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. | 7.2 |
2022-11-15 | CVE-2022-42120 | SQL Injection vulnerability in Liferay DXP and Liferay Portal: A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' `namespace` attribute. | 9.8 |
2022-11-15 | CVE-2022-42121 | SQL Injection vulnerability in Liferay DXP and Liferay Portal: A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected into a page template's 'Name' field. | 8.8 |
2022-11-15 | CVE-2022-42122 | SQL Injection vulnerability in Liferay DXP and Liferay Portal: A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL. | 9.8 |
2022-11-15 | CVE-2022-40405 | SQL Injection vulnerability in Wowonder 4.1.2: WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs. | 7.5 |
2022-11-15 | CVE-2022-42984 | SQL Injection vulnerability in Wowonder 4.1.4: WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients. | 9.8 |
2022-11-14 | CVE-2022-43288 | SQL Injection vulnerability in Rukovoditel 3.2.1: Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php. | 8.8 |
2022-11-12 | CVE-2022-43671 | SQL Injection vulnerability in Zohocorp products: Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. | 9.8 |