Total: 2383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30500 | 1 Jflyfox | 1 Jfinal Cms | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Jfinal cms 5.1.0 is vulnerable to SQL Injection. | |||||
| CVE-2021-37413 | 1 Grandcom | 1 Dynweb | 2022-06-01 | 7.5 HIGH | 9.8 CRITICAL |
| GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login script does not verify and sanitize user-provided strings. | |||||
| CVE-2020-6138 | 1 Os4ed | 1 Opensis | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The uname parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6139 | 1 Os4ed | 1 Opensis | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The username_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6140 | 1 Os4ed | 1 Opensis | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6141 | 1 Os4ed | 1 Opensis | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6137 | 1 Os4ed | 1 Opensis | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-30838 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2022-05-30 | 7.5 HIGH | 9.8 CRITICAL |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status. | |||||
| CVE-2022-1014 | 1 Wp Contacts Manager Project | 1 Wp Contacts Manager | 2022-05-30 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability. | |||||
| CVE-2022-30461 | 1 Water Billing System Project | 1 Water Billing System | 2022-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id. | |||||
| CVE-2022-30455 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id. | |||||
| CVE-2022-30454 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. | |||||
| CVE-2022-29660 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del. | |||||
| CVE-2022-0781 | 1 Nirweb | 1 Nirweb Support | 2022-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection. | |||||
| CVE-2022-26633 | 1 Simple Student Quarterly Result/grade System Project | 1 Simple Student Quarterly Result/grade System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php. | |||||
| CVE-2022-26632 | 1 Multi-vendor Online Groceries Management System Project | 1 Multi-vendor Online Groceries Management System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php. | |||||
| CVE-2022-28531 | 1 Covid-19 Directory On Vaccination System Project | 1 Covid-19 Directory On Vaccination System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field. | |||||
| CVE-2022-30518 | 1 Chatbot Application With A Suggestion Feature Project | 1 Chatbot Application With A Suggestion Feature | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simple_chat_bot/admin/responses/view_response.php. | |||||
| CVE-2022-30886 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php. | |||||
| CVE-2022-28105 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php. | |||||
| CVE-2022-28962 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client. | |||||
| CVE-2022-30054 | 1 Covid 19 Travel Pass Management Project | 1 Covid 19 Travel Pass Management | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks. | |||||
| CVE-2022-30052 | 1 Home Clean Service System Project | 1 Home Clean Service System | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks. | |||||
| CVE-2022-30053 | 1 Toll Tax Management System Project | 1 Toll Tax Management System | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| In Toll Tax Management System 1.0, the id parameter appears to be vulnerable to SQL injection attacks. | |||||
| CVE-2022-1731 | 1 Allgeier | 1 Metasonic Doc Webclient | 2022-05-25 | 6.8 MEDIUM | 9.8 CRITICAL |
| Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist. | |||||
| CVE-2022-0867 | 1 Reputeinfosystems | 1 Pricing Table | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users. | |||||
| CVE-2022-30011 | 1 Hospital Managment System Project | 1 Hospital Managment System | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability. | |||||
| CVE-2022-30765 | 1 Calibre-web Project | 1 Calibre-web | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| Calibre-Web before 0.6.18 allows user table SQL Injection. | |||||
| CVE-2022-28930 | 1 Erp-pro Project | 1 Erp-pro | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml. | |||||
| CVE-2022-24831 | 1 Openclinica | 1 Openclinica | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). Versions prior to 3.16.1 are vulnerable to SQL injection due to the use of string concatenation to create SQL queries instead of prepared statements. No known workarounds exist. This issue has been patched in 3.16.1, 3.15.9, 3.14.1, and 3.13.1 and users are advised to upgrade. | |||||
| CVE-2022-29383 | 1 Netgear | 2 Ssl312, Ssl312 Firmware | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi. | |||||
| CVE-2022-28929 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php. | |||||
| CVE-2022-30413 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=delete_application. | |||||
| CVE-2022-30407 | 1 Pharmacy Sales And Inventory System Project | 1 Pharmacy Sales And Inventory System | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Pharmacy Sales And Inventory System v1.0 is vulnerable to SQL Injection via /pharmacy-sales-and-inventory-system/manage_user.php?id=. | |||||
| CVE-2022-30392 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category. | |||||
| CVE-2022-30395 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart. | |||||
| CVE-2022-30387 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order. | |||||
| CVE-2022-30391 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category. | |||||
| CVE-2022-30385 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order. | |||||
| CVE-2022-30384 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory. | |||||
| CVE-2022-30386 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured. | |||||
| CVE-2022-30370 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo_type. | |||||
| CVE-2022-29009 | 1 Cyber Cafe Management System Project | 1 Cyber Cafe Management System | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allow attackers to bypass authentication. | |||||
| CVE-2022-29007 | 1 Dairy Farm Shop Management System Project | 1 Dairy Farm Shop Management System | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allow attackers to bypass authentication. | |||||
| CVE-2022-29006 | 1 Phpgurukul | 1 Directory Management System | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allow attackers to bypass authentication. | |||||
| CVE-2022-22413 | 1 Ibm | 1 Robotic Process Automation | 2022-05-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 223022. | |||||
| CVE-2022-30449 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php. | |||||
| CVE-2022-30048 | 1 Mingsoft | 1 Mcms | 2022-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter. | |||||
| CVE-2022-30047 | 1 Mingsoft | 1 Mcms | 2022-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter. | |||||
| CVE-2022-29751 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client. | |||||
