Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-29 | CVE-2020-35674 | SQL Injection vulnerability in Bigprof Online Invoicing System. BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). | 9.8 |
2022-09-29 | CVE-2021-45788 | SQL Injection vulnerability in Metersphere 1.15.4. Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter. | 8.8 |
2022-09-27 | CVE-2021-41433 | SQL Injection vulnerability in Resumes Management and JOB Application Website Application Project Resumes Management and JOB Application Website Application 1.0. SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php. | 9.8 |
2022-09-27 | CVE-2022-31367 | SQL Injection vulnerability in Strapi. Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses. | 8.8 |
2022-09-27 | CVE-2022-37209 | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0. JFinal CMS 5.1.0 is affected by: SQL Injection. | 8.8 |
2022-09-27 | CVE-2022-3323 | SQL Injection vulnerability in Advantech Iview 5.7.04.6469. An SQL injection vulnerability in Advantech iView 5.7.04.6469. | 7.5 |
2022-09-27 | CVE-2022-40352 | SQL Injection vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0. Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php. | 7.2 |
2022-09-27 | CVE-2022-40353 | SQL Injection vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0. Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php. | 7.2 |
2022-09-27 | CVE-2022-40354 | SQL Injection vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0. Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php. | 7.2 |
2022-09-27 | CVE-2022-40877 | SQL Injection vulnerability in Exam Reviewer Management System Project Exam Reviewer Management System 1.0. Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter. | 9.8 |