Total: 2383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32337 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/patients/manage_patient.php?id=. | |||||
| CVE-2022-32352 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_admission. | |||||
| CVE-2022-32336 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2022-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/view_menu.php?id=. | |||||
| CVE-2022-23168 | 1 Amodat | 1 Mobile Application Gateway | 2022-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'-- | |||||
| CVE-2022-2067 | 1 Rosariosis | 1 Rosariosis | 2022-06-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. | |||||
| CVE-2022-28452 | 1 Redplanetcomputers | 1 Laundry Management System | 2022-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection. | |||||
| CVE-2022-0786 | 1 Iqonic | 1 Kivicare | 2022-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users | |||||
| CVE-2022-0827 | 1 Presspage | 1 Bestbooks | 2022-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users | |||||
| CVE-2022-31788 | 1 Ideaco | 1 Idealms | 2022-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname. | |||||
| CVE-2017-20029 | 1 Phplist | 1 Phplist | 2022-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20032 | 1 Phplist | 1 Phplist | 2022-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in PHPList 3.2.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Subscription. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2021-41754 | 1 Dynamicvision | 1 Dynamicmarkt | 2022-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php. | |||||
| CVE-2021-41755 | 1 Dynamicvision | 1 Dynamicmarkt | 2022-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php. | |||||
| CVE-2021-41756 | 1 Dynamicvision | 1 Dynamicmarkt | 2022-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| dynamicMarkt <= 3.10 is affected by SQL injection in the kat parameter of index.php. | |||||
| CVE-2022-1692 | 1 Dwbooster | 1 Cp Image Store With Slideshow | 2022-06-15 | 7.5 HIGH | 9.8 CRITICAL |
| The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack | |||||
| CVE-2022-30927 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2022-06-14 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable "id" parameter. | |||||
| CVE-2022-31768 | 1 Ibm | 1 Infosphere Information Server | 2022-06-14 | 7.5 HIGH | 9.8 CRITICAL |
| IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
| CVE-2022-30599 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2022-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. | |||||
| CVE-2020-36541 | 1 Demokratian | 1 Demokratian | 2022-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Demokratian. It has been rated as critical. Affected by this issue is some unknown functionality of the file basicos_php/genera_select.php. The manipulation of the argument id_provincia with the input -1%20union%20all%20select%201,2,3,4,database() leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2020-36539 | 1 Logicoycreativo | 1 Logico Y Creativo | 2022-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Lógico y Creativo 1.0 and classified as critical. This issue affects some unknown processing. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. | |||||
| CVE-2020-36540 | 1 Neetai | 1 Neetai Tech | 2022-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Neetai Tech. Affected is an unknown function of the file /product.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-29704 | 1 Browsbox | 1 Brows Box | 2022-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2022-30797 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php. | |||||
| CVE-2022-30512 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31. | |||||
| CVE-2022-30511 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4. | |||||
| CVE-2022-30510 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59. | |||||
| CVE-2022-30490 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php. | |||||
| CVE-2022-30481 | 1 Food-order-and-table-reservation-system Project | 1 Food-order-and-table-reservation-system | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters. | |||||
| CVE-2022-30478 | 1 Ecommerce-project-with-php-and-mysqli-fruits-bazar Project | 1 Ecommerce-project-with-php-and-mysqli-fruits-bazar | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters. | |||||
| CVE-2022-31946 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_team. | |||||
| CVE-2022-31948 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_report. | |||||
| CVE-2022-31952 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL injection via /rdms/classes/Master.php?f=delete_incident. | |||||
| CVE-2022-31951 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_respondent_type. | |||||
| CVE-2022-31959 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/teams/manage_team.php?id=. | |||||
| CVE-2022-32002 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=. | |||||
| CVE-2022-31989 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-31991 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_court. | |||||
| CVE-2022-31990 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_product. | |||||
| CVE-2022-31993 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_service. | |||||
| CVE-2022-31976 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request. | |||||
| CVE-2022-31977 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team. | |||||
| CVE-2022-31978 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry. | |||||
| CVE-2022-31957 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/teams/view_team.php?id=. | |||||
| CVE-2022-31956 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/manage_report.php?id=. | |||||
| CVE-2022-31328 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=. | |||||
| CVE-2022-31953 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/view_report.php?id=. | |||||
| CVE-2022-31329 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php. | |||||
| CVE-2022-31335 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=. | |||||
| CVE-2022-31336 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php. | |||||
| CVE-2022-31337 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=. | |||||
