Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-07	CVE-2022-43352	SQL Injection vulnerability in Sanitization Management System Project Sanitization Management System 1.0 Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_quote. network low complexity sanitization-management-system-project CWE-89	7.2
2022-11-07	CVE-2022-3481	SQL Injection vulnerability in Opmc Woocommerce Dropshipping The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection network low complexity opmc CWE-89 critical	9.8
2022-11-04	CVE-2022-20867	SQL Injection vulnerability in Cisco Asyncos A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. network low complexity cisco CWE-89	6.5
2022-11-03	CVE-2022-42744	SQL Injection vulnerability in Auieo Candidats 3.0.0 CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. network low complexity auieo CWE-89 critical	9.8
2022-11-03	CVE-2022-43062	SQL Injection vulnerability in Online Diagnostic LAB Management System Project Online Diagnostic LAB Management System 1.0 Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_appointment. network low complexity online-diagnostic-lab-management-system-project CWE-89	7.2
2022-11-03	CVE-2022-43063	SQL Injection vulnerability in Online Diagnostic LAB Management System Project Online Diagnostic LAB Management System 1.0 Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Users.php?f=delete_client. network low complexity online-diagnostic-lab-management-system-project CWE-89	7.2
2022-11-03	CVE-2020-22818	SQL Injection vulnerability in Mkcms Project Mkcms 6.2 MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter. network low complexity mkcms-project CWE-89 critical	9.8
2022-11-03	CVE-2020-22819	SQL Injection vulnerability in Mkcms Project Mkcms 6.2 MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter. network low complexity mkcms-project CWE-89 critical	9.8
2022-11-03	CVE-2020-22820	SQL Injection vulnerability in Mkcms Project Mkcms 6.2 MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter. network low complexity mkcms-project CWE-89 critical	9.8
2022-11-03	CVE-2021-37823	SQL Injection vulnerability in Opencart 3.0.3.7 OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background. network low complexity opencart CWE-89	4.9