Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-89

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2383 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-28426 1 Baby Care System Project 1 Baby Care System 2022-04-29 7.5 HIGH 9.8 CRITICAL
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.php&action=edit&roleid=.
CVE-2022-28425 1 Baby Care System Project 1 Baby Care System 2022-04-29 7.5 HIGH 9.8 CRITICAL
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.php&action=display&value=1&roleid=.
CVE-2020-27241 1 Openclinic Ga Project 1 Openclinic Ga 2022-04-29 7.5 HIGH 9.8 CRITICAL
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2022-28420 1 Baby Care System Project 1 Baby Care System 2022-04-29 7.5 HIGH 9.8 CRITICAL
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=.
CVE-2022-28417 1 Home Owners Collection Management System Project 1 Home Owners Collection Management System 2022-04-29 7.5 HIGH 9.8 CRITICAL
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_phase.
CVE-2020-27238 1 Openclinic Ga Project 1 Openclinic Ga 2022-04-28 7.5 HIGH 9.8 CRITICAL
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-27240 1 Openclinic Ga Project 1 Openclinic Ga 2022-04-28 7.5 HIGH 9.8 CRITICAL
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-27239 1 Openclinic Ga Project 1 Openclinic Ga 2022-04-28 7.5 HIGH 9.8 CRITICAL
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-27234 1 Openclinic Ga Project 1 Openclinic Ga 2022-04-28 7.5 HIGH 9.8 CRITICAL
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the serviceUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-27233 1 Openclinic Ga Project 1 Openclinic Ga 2022-04-28 7.5 HIGH 9.8 CRITICAL
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-27235 1 Openclinic Ga Project 1 Openclinic Ga 2022-04-28 7.5 HIGH 9.8 CRITICAL
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-27236 1 Openclinic Ga Project 1 Openclinic Ga 2022-04-28 7.5 HIGH 9.8 CRITICAL
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-27237 1 Openclinic Ga Project 1 Openclinic Ga 2022-04-28 7.5 HIGH 9.8 CRITICAL
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2022-28427 1 Baby Care System Project 1 Baby Care System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=read&msgid=.
CVE-2022-28431 1 Baby Care System Project 1 Baby Care System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&social=remove&sid=2.
CVE-2022-28429 1 Baby Care System Project 1 Baby Care System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=delete&msgid=.
CVE-2022-28023 1 Purchase Order Management System Project 1 Purchase Order Management System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_supplier.
CVE-2022-28432 1 Baby Care System Project 1 Baby Care System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=display&value=0&sid=2.
CVE-2022-28434 1 Baby Care System Project 1 Baby Care System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=edit&sid=2.
CVE-2022-28433 1 Baby Care System Project 1 Baby Care System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=display&value=Show&userid=.
CVE-2022-28435 1 Baby Care System Project 1 Baby Care System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&action=displaygoal&value=1&roleid=1.
CVE-2022-28438 1 Baby Care System Project 1 Baby Care System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=User&userid=.
CVE-2022-28436 1 Baby Care System Project 1 Baby Care System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=display&value=Hide&userid=.
CVE-2022-28439 1 Baby Care System Project 1 Baby Care System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&&action=delete&userid=4.
CVE-2022-28415 1 Home Owners Collection Management System Project 1 Home Owners Collection Management System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_collection.
CVE-2022-28416 1 Home Owners Collection Management System Project 1 Home Owners Collection Management System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_phase.
CVE-2022-28414 1 Home Owners Collection Management System Project 1 Home Owners Collection Management System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_member.
CVE-2022-28413 1 Car Driving School Management System Project 1 Car Driving School Management System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Car Driving School Management System v1.0 was discovered to contain a SQL injection vulnerability via /cdsms/classes/Master.php?f=delete_enrollment.
CVE-2022-28412 1 Car Driving School Management System Project 1 Car Driving School Management System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Car Driving School Managment System v1.0 was discovered to contain a SQL injection vulnerability via /cdsms/classes/Master.php?f=delete_package.
CVE-2022-28029 1 Simple Real Estate Portal System Project 1 Simple Real Estate Portal System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_type.
CVE-2022-28411 1 Simple Real Estate Portal System Portal 1 Simple Real Estate Portal System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/admin/?page=agents/manage_agent.
CVE-2022-28028 1 Simple Real Estate Portal System Project 1 Simple Real Estate Portal System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_amenity.
CVE-2022-28030 1 Simple Real Estate Portal System Project 1 Simple Real Estate Portal System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_estate.
CVE-2022-28410 1 Simple Real Estate Portal System Project 1 Simple Real Estate Portal System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Users.php?f=delete_agent.
CVE-2022-28026 1 Student Grading System Project 1 Student Grading System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=student_p&id=.
CVE-2022-28024 1 Student Grading System Project 1 Student Grading System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=grade.
CVE-2022-28025 1 Student Grading System Project 1 Student Grading System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=school_year.
CVE-2022-28437 1 Baby Care System Project 1 Baby Care System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=Admin&userid=3.
CVE-2022-28022 1 Purchase Order Management System Project 1 Purchase Order Management System 2022-04-28 7.5 HIGH 9.8 CRITICAL
Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_item.
CVE-2022-24231 1 Simple Student Information System Project 1 Simple Student Information System 2022-04-27 10.0 HIGH 9.8 CRITICAL
Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student.
CVE-2020-12720 1 Vbulletin 1 Vbulletin 2022-04-27 7.5 HIGH 9.8 CRITICAL
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
CVE-2022-27104 1 Formalms 1 Formalms 2022-04-27 7.5 HIGH 9.8 CRITICAL
An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3.
CVE-2022-26651 1 Digium 2 Asterisk, Certified Asterisk 2022-04-27 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
CVE-2022-0785 1 Daily Prayer Time Project 1 Daily Prayer Time 2022-04-27 7.5 HIGH 9.8 CRITICAL
The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection
CVE-2020-13567 2 Open-emr, Phpgacl Project 2 Openemr, Phpgacl 2022-04-26 7.5 HIGH 9.8 CRITICAL
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2022-26631 1 Automatic Question Paper Generator Project 1 Automatic Question Paper Generator 2022-04-26 7.5 HIGH 9.8 CRITICAL
Automatic Question Paper Generator v1.0 contains a Time-Based Blind SQL injection vulnerability via the id GET parameter.
CVE-2021-3278 1 Local Services Search Engine Management System Project 1 Local Services Search Engine Management System 2022-04-26 7.5 HIGH 9.8 CRITICAL
Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection . Using this vulnerability, an attacker can bypass the login page.
CVE-2022-27423 1 Chamilo 1 Chamilo Lms 2022-04-25 7.5 HIGH 9.8 CRITICAL
Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.
CVE-2021-29114 1 Esri 1 Arcgis Server 2022-02-28 7.5 HIGH 9.8 CRITICAL
A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries.
CVE-2022-23366 1 Hms Project 1 Hms 2022-02-28 7.5 HIGH 9.8 CRITICAL
HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.