Total: 1733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31982 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=. | |||||
| CVE-2022-31984 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=. | |||||
| CVE-2022-31339 | 1 Simple Inventory System Project | 1 Simple Inventory System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php. | |||||
| CVE-2022-30835 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/budget.php?booking_id=. | |||||
| CVE-2022-31971 | 1 Chatbot App With Suggestion Project | 1 Chatbot App With Suggestion | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/view_response&id=. | |||||
| CVE-2022-30834 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_manage_account_details.php?booking_id=31&user_id= | |||||
| CVE-2022-30832 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_assign.php?booking=31&user_id=. | |||||
| CVE-2022-30831 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/wedding_details.php. | |||||
| CVE-2022-30830 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\feature_edit.php. | |||||
| CVE-2022-30829 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\users_edit.php. | |||||
| CVE-2022-31970 | 1 Chatbot App With Suggestion Project | 1 Chatbot App With Suggestion | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/manage_response&id=. | |||||
| CVE-2022-30833 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_edit.php?booking=31&user_id=. | |||||
| CVE-2022-30836 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/admin/select.php. | |||||
| CVE-2022-30828 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\photos_edit.php. | |||||
| CVE-2022-30827 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\package_edit.php. | |||||
| CVE-2022-30826 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via admin\client_assign.php. | |||||
| CVE-2022-30818 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blog_events_edit.php?id=31. | |||||
| CVE-2022-30825 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\client_edit.php. | |||||
| CVE-2022-30823 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\blog_events_edit.php. | |||||
| CVE-2022-24848 | 1 Dhis2 | 1 Dhis 2 | 2022-06-08 | 6.5 MEDIUM | 8.8 HIGH |
| DHIS2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability affects the `/api/programs/orgUnits?programs=` API endpoint in DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. The vulnerability is not exposed to a non-malicious user and requires a conscious attack to be exploited. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance's database. Security patches are now available for DHIS2 versions 2.36.10.1 and 2.37.6.1. One may apply mitigations at the web proxy level as a workaround. More information about these mitigations is available in the GitHub Security Advisory. | |||||
| CVE-2022-22495 | 1 Ibm | 1 I | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 226941. | |||||
| CVE-2020-13526 | 1 Processmaker | 1 Processmaker | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTables_Ajax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | |||||
| CVE-2020-13525 | 1 Processmaker | 1 Processmaker | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2022-27385 | 1 Mariadb | 1 Mariadb | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | |||||
| CVE-2022-1361 | 1 Cambiumnetworks | 1 Cnmaestro | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other user’s accounts and devices. | |||||
| CVE-2022-1358 | 1 Cambiumnetworks | 1 Cnmaestro | 2022-06-06 | 5.0 MEDIUM | 7.5 HIGH |
| The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database. | |||||
| CVE-2017-4972 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Uaa Bosh, Cloud Foundry Uaa | 2022-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. An attacker can use a blind SQL injection attack to query the contents of the UAA database. | |||||
| CVE-2022-1883 | 1 Camptocamp | 1 Terraboard | 2022-06-03 | 6.5 MEDIUM | 8.8 HIGH |
| SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0. | |||||
| CVE-2021-38694 | 1 Softvibe | 1 Saraban | 2022-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. | |||||
| CVE-2022-1838 | 1 Home Clean Services Management System Project | 1 Home Clean Services Management System | 2022-06-02 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(5)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. It is possible to initiate the attack remotely but it requires authentication. Exploit details have been disclosed to the public. | |||||
| CVE-2022-1839 | 1 Home Clean Services Management System Project | 1 Home Clean Services Management System | 2022-06-02 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(2)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. The attack can be initiated remotely but it requires authentication. Exploit details have been disclosed to the public. | |||||
| CVE-2021-42655 | 1 Sscms | 1 Siteserver Cms | 2022-06-01 | 6.5 MEDIUM | 8.8 HIGH |
| SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. | |||||
| CVE-2022-29721 | 1 74cms | 1 74cmsse | 2022-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. | |||||
| CVE-2021-40317 | 1 Piwigo | 1 Piwigo | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter. | |||||
| CVE-2020-6126 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The course_period_id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | |||||
| CVE-2020-6125 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6130 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | |||||
| CVE-2020-6124 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheckOthers.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6131 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | |||||
| CVE-2020-6129 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | |||||
| CVE-2020-6133 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page CourseMoreInfo.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6128 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. The meet_date parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6132 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6127 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6136 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6135 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6134 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2022-29305 | 1 Imgurl Project | 1 Imgurl | 2022-05-30 | 6.8 MEDIUM | 8.1 HIGH |
| imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost. | |||||
| CVE-2022-31488 | 1 Inoutscripts | 1 Blockchain Altexchanger | 2022-05-30 | 5.0 MEDIUM | 7.5 HIGH |
| Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection. | |||||
| CVE-2022-31489 | 1 Inoutscripts | 1 Blockchain Altexchanger | 2022-05-30 | 5.0 MEDIUM | 7.5 HIGH |
| Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection. | |||||
