Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-14 | CVE-2023-48987 | SQL Injection vulnerability in Cusg Content Management System: Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component. | 7.5 |
2024-02-13 | CVE-2024-22923 | SQL Injection vulnerability in Advradius ADV Radius 2.2.5: SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script. | 9.8 |
2024-02-13 | CVE-2024-23810 | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). low complexity CWE-89 | 8.8 |
2024-02-12 | CVE-2024-23763 | SQL Injection vulnerability in Gambio 4.9.2.0: SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter. | 9.8 |
2024-02-12 | CVE-2024-22221 | SQL Injection vulnerability in Dell Unity Operating Environment 5.0.7.0.5.008/5.2.0.0.5.173/5.3.0.0.5.120: Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. | 6.5 |
2024-02-10 | CVE-2024-0594 | SQL Injection vulnerability in Getawesomesupport Awesome Support: The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpas_get_users action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2024-02-09 | CVE-2023-6677 | SQL Injection vulnerability in Oduyo Online Collection 1.0.1: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection. This issue affects Online Collection: before v.1.0.2. | 9.8 |
2024-02-09 | CVE-2024-25302 | SQL Injection vulnerability in Remyandrade Event Student Attendance System 1.0: Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter. | 9.8 |
2024-02-09 | CVE-2024-25307 | SQL Injection vulnerability in Code-Projects Cinema Seat Reservation System 1.0: Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1." | 9.8 |
2024-02-09 | CVE-2024-25310 | SQL Injection vulnerability in Code-Projects Simple School Management System 1.0: Code-projects Simple School Management System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5." | 8.8 |