Search
Total
2383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29750 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service. | |||||
| CVE-2022-29749 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice. | |||||
| CVE-2022-29748 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=. | |||||
| CVE-2022-29747 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id. | |||||
| CVE-2022-29981 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Users.php?f=delete. | |||||
| CVE-2022-29986 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_facility. | |||||
| CVE-2022-29979 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_designation. | |||||
| CVE-2022-29985 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_category. | |||||
| CVE-2022-29982 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage_service.php?id=. | |||||
| CVE-2022-29984 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_client&id=. | |||||
| CVE-2022-29987 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-29992 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/manage_category.php?id=. | |||||
| CVE-2022-29993 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/bookings/view_booking.php?id=. | |||||
| CVE-2022-29995 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=clients/manage_client&id=. | |||||
| CVE-2022-29306 | 1 Ionizecms | 1 Ionize | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerability via the id_page parameter in application/models/article_model.php. | |||||
| CVE-2022-29988 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete. | |||||
| CVE-2022-29746 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete. | |||||
| CVE-2022-29994 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=facilities/manage_facility&id=. | |||||
| CVE-2022-29990 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/view_category.php?id=. | |||||
| CVE-2022-29989 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_booking. | |||||
| CVE-2022-29739 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-29738 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id. | |||||
| CVE-2022-29741 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_fee. | |||||
| CVE-2022-29983 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoice&id=. | |||||
| CVE-2022-29980 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-29999 | 1 Insurance Management System Project | 1 Insurance Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editClient.php?client_id=. | |||||
| CVE-2022-29745 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_transaction. | |||||
| CVE-2022-30000 | 1 Insurance Management System Project | 1 Insurance Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editPayment.php?recipt_no=. | |||||
| CVE-2022-29998 | 1 Insurance Management System Project | 1 Insurance Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/clientStatus.php?client_id=. | |||||
| CVE-2022-30001 | 1 Insurance Management System Project | 1 Insurance Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agent_id=. | |||||
| CVE-2022-29317 | 1 Simple Bus Ticket Booking System Project | 1 Simple Bus Ticket Booking System | 2022-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php. | |||||
| CVE-2022-29316 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2022-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch. | |||||
| CVE-2022-29656 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php. | |||||
| CVE-2022-30335 | 1 Wealth | 1 Bonanza Wealth Management System | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component. | |||||
| CVE-2021-43094 | 1 Openmrs | 2 Openmrs, Reference Application | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page. | |||||
| CVE-2022-28110 | 1 Hotel Management System Project | 1 Hotel Management System | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page. | |||||
| CVE-2022-27412 | 1 Exploreit | 1 Explore Cms | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request. | |||||
| CVE-2022-29535 | 1 Zohocorp | 1 Manageengine Opmanager | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. | |||||
| CVE-2022-0814 | 1 Ubigeo De Peru Para Woocommerce Project | 1 Ubigeo De Peru Para Woocommerce | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections | |||||
| CVE-2022-1013 | 1 Ays-pro | 1 Personal Dictionary | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability. | |||||
| CVE-2022-0948 | 1 Pluginbazaar | 1 Order Listener For Woocommerce | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection | |||||
| CVE-2022-29411 | 1 Hermit Project | 1 Hermit | 2022-05-16 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id). | |||||
| CVE-2021-41080 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2022-05-16 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a hardware details search. | |||||
| CVE-2021-41081 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2022-05-16 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a configuration search. | |||||
| CVE-2022-0592 | 1 Mapsvg | 1 Mapsvg | 2022-05-16 | 7.5 HIGH | 9.8 CRITICAL |
| The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users. | |||||
| CVE-2022-0783 | 1 Themehigh | 1 Multiple Shipping Addresses For Woocommerce | 2022-05-16 | 7.5 HIGH | 9.8 CRITICAL |
| The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections | |||||
| CVE-2022-0826 | 1 Wp-video-gallery-free Project | 1 Wp-video-gallery-free | 2022-05-16 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users | |||||
| CVE-2022-0817 | 1 Badgeos | 1 Badgeos | 2022-05-16 | 7.5 HIGH | 9.8 CRITICAL |
| The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users | |||||
| CVE-2022-28163 | 1 Broadcom | 1 Sannav | 2022-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands. | |||||
| CVE-2020-19213 | 1 Piwigo | 1 Piwigo | 2022-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories. | |||||