Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-14 | CVE-2024-25217 | SQL Injection vulnerability in Oretnom23 Online Medicine Ordering System 1.0: Online Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /omos/?p=products/view_product. | 9.8 |
2024-02-14 | CVE-2024-25220 | SQL Injection vulnerability in Task Manager in PHP With Source Code Project Task Manager in PHP With Source Code 1.0: Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php. | 9.8 |
2024-02-14 | CVE-2024-25222 | SQL Injection vulnerability in Task Manager in PHP With Source Code Project Task Manager in PHP With Source Code 1.0: Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php. | 9.8 |
2024-02-14 | CVE-2024-25223 | SQL Injection vulnerability in Code-Projects Simple Admin Panel 1.0: Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php. | 9.8 |
2024-02-14 | CVE-2023-48987 | SQL Injection vulnerability in Cusg Content Management System: Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component. | 7.5 |
2024-02-13 | CVE-2024-24142 | SQL Injection vulnerability in Rems School Task Manager 1.0: Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter. | 9.8 |
2024-02-13 | CVE-2024-22923 | SQL Injection vulnerability in Advradius ADV Radius 2.2.5: SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script. | 9.8 |
2024-02-12 | CVE-2024-23763 | SQL Injection vulnerability in Gambio 4.9.2.0: SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter. | 9.8 |
2024-02-12 | CVE-2024-22221 | SQL Injection vulnerability in Dell Unity Operating Environment: Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. | 6.5 |
2024-02-12 | CVE-2024-0566 | SQL Injection vulnerability in Storeapps Smart Manager: The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 7.2 |