Total: 2383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31338 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=. | |||||
| CVE-2022-31965 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/respondent_types/manage_respondent_type.php?id=. | |||||
| CVE-2022-31340 | 1 Simple Inventory System Project | 1 Simple Inventory System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php. | |||||
| CVE-2022-31964 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/respondent_types/view_respondent_type.php?id=. | |||||
| CVE-2022-31961 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/manage_incident.php?id=. | |||||
| CVE-2022-31962 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/view_incident.php?id=. | |||||
| CVE-2022-31343 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=. | |||||
| CVE-2022-31344 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking. | |||||
| CVE-2022-31345 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-31346 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service. | |||||
| CVE-2022-31347 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle. | |||||
| CVE-2022-31348 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=. | |||||
| CVE-2022-31350 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=. | |||||
| CVE-2022-31351 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=. | |||||
| CVE-2022-31352 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=. | |||||
| CVE-2022-31353 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=. | |||||
| CVE-2022-31354 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service. | |||||
| CVE-2022-31327 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/index.php?q=products&id=. | |||||
| CVE-2022-31969 | 1 Chatbot App With Suggestion Project | 1 Chatbot App With Suggestion | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-30809 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=. | |||||
| CVE-2022-30817 | 1 Simple Bus Ticket Booking System Project | 1 Simple Bus Ticket Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php. | |||||
| CVE-2022-30816 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php. | |||||
| CVE-2022-30815 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar= | |||||
| CVE-2022-30814 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php. | |||||
| CVE-2022-30813 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php. | |||||
| CVE-2022-30810 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php. | |||||
| CVE-2022-30352 | 1 Phpabook Project | 1 Phpabook | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script. | |||||
| CVE-2022-29659 | 1 Responsive Online Blog Project | 1 Responsive Online Blog | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php. | |||||
| CVE-2022-28346 | 2 Debian, Djangoproject | 2 Debian Linux, Django | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. | |||||
| CVE-2022-29155 | 1 Openldap | 1 Openldap | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. | |||||
| CVE-2021-26633 | 2 Linux, Maxb | 2 Linux Kernel, Maxboard | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. These vulnerabilities can be exploited by manipulating a variable with a desired value and inserting an arbitrary file. | |||||
| CVE-2019-12351 | 1 Zzcms | 1 Zzcms | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma. | |||||
| CVE-2019-12350 | 1 Zzcms | 1 Zzcms | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma. | |||||
| CVE-2019-12349 | 1 Zzcms | 1 Zzcms | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter. | |||||
| CVE-2021-44095 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-06-08 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database. | |||||
| CVE-2021-44096 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2022-06-08 | 7.5 HIGH | 9.8 CRITICAL |
| EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise Application SQL database. | |||||
| CVE-2021-44097 | 1 Contact-form-with-messages-entry-management Project | 1 Contact-form-with-messages-entry-management | 2022-06-08 | 7.5 HIGH | 9.8 CRITICAL |
| EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL Injection via Addmessage.php. This allows a remote attacker to compromise Application SQL database. | |||||
| CVE-2021-44098 | 1 Egavilanmedia | 1 Expense Management System | 2022-06-08 | 7.5 HIGH | 9.8 CRITICAL |
| EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database. | |||||
| CVE-2013-10003 | 1 Telecomsoftware | 2 Samwin Agent, Samwin Contact Center | 2022-06-08 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1. This affects the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the database handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2022-1556 | 1 Era404 | 1 Stafflist | 2022-06-08 | 7.5 HIGH | 9.8 CRITICAL |
| The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection | |||||
| CVE-2022-0836 | 1 Semadatacoop | 1 Sema Api | 2022-06-08 | 7.5 HIGH | 9.8 CRITICAL |
| The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users | |||||
| CVE-2020-13499 | 1 Aveva | 1 Edna Enterprise Data Historian | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstancePath in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks. | |||||
| CVE-2020-13500 | 1 Aveva | 1 Edna Enterprise Data Historian | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter ClassName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks. | |||||
| CVE-2020-13501 | 1 Aveva | 1 Edna Enterprise Data Historian | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstanceName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks. | |||||
| CVE-2018-4056 | 2 Coturn Project, Debian | 2 Coturn, Debian Linux | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability. | |||||
| CVE-2022-28862 | 1 Archibus | 1 Web Central | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. This is fixed in all recent versions, such as version 26.2. | |||||
| CVE-2022-30493 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-06-03 | 10.0 HIGH | 9.8 CRITICAL |
| In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credentials and gain admin access (privilege escalation). | |||||
| CVE-2021-21465 | 1 Sap | 1 Business Warehouse | 2022-06-03 | 6.5 MEDIUM | 9.9 CRITICAL |
| The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system. | |||||
| CVE-2022-29650 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. | |||||
| CVE-2022-30516 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks. | |||||
