Total: 8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41661 | 1 Church Management System Project | 1 Church Management System | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| Church Management System version 1.0 is affected by a SQL injection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell. | |||||
| CVE-2021-41662 | 1 South Gate Inn Online Reservation System Project | 1 South Gate Inn Online Reservation System | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload, which is caused by improper file handling in the editImg function. This vulnerability leads to remote code execution. | |||||
| CVE-2022-23169 | 1 Amodat | 1 Mobile Application Gateway | 2022-06-27 | 6.5 MEDIUM | 7.2 HIGH |
| An attacker needs to craft a SQL payload. The vulnerable parameter is "agentid"; the attacker must be authenticated to the admin panel. | |||||
| CVE-2021-41654 | 1 Wuzhicms | 1 Wuzhicms | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php | |||||
| CVE-2022-31908 | 1 Student Registration And Fee Payment System Project | 1 Student Registration And Fee Payment System | 2022-06-27 | 6.5 MEDIUM | 7.2 HIGH |
| Student Registration and Fee Payment System v1.0 is vulnerable to SQL Injection via /scms/student.php. | |||||
| CVE-2022-31911 | 1 Online Discussion Forum Site Project | 1 Online Discussion Forum Site | 2022-06-27 | 6.5 MEDIUM | 7.2 HIGH |
| Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via /odfs/classes/Master.php?f=delete_team. | |||||
| CVE-2022-31912 | 1 Online Tutor Portal Site Project | 1 Online Tutor Portal Site | 2022-06-27 | 6.5 MEDIUM | 7.2 HIGH |
| Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps/classes/Master.php?f=delete_team. | |||||
| CVE-2022-1691 | 1 Realtyworkstation | 1 Realty Workstation | 2022-06-27 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Realty Workstation WordPress plugin before 1.0.15 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edits a transaction, leading to an SQL injection. | |||||
| CVE-2022-32371 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher.php?id=. | |||||
| CVE-2022-32370 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_classroom.php?id=. | |||||
| CVE-2022-32372 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject.php?id=. | |||||
| CVE-2022-32373 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam.php?id=. | |||||
| CVE-2022-32374 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject_routing.php?id=. | |||||
| CVE-2022-32368 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_grade.php?id=. | |||||
| CVE-2022-32101 | 1 Kkcms Project | 1 Kkcms | 2022-06-24 | 7.5 HIGH | 9.8 CRITICAL |
| kkcms v1.3.7 was discovered to contain a SQL injection vulnerability via the cid parameter at /template/wapian/vlist.php. | |||||
| CVE-2022-32299 | 1 Youdian Software | 1 Youdiancms | 2022-06-24 | 6.5 MEDIUM | 8.8 HIGH |
| YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php. | |||||
| CVE-2022-32300 | 1 Youdian Software | 1 Youdiancms | 2022-06-24 | 6.5 MEDIUM | 8.8 HIGH |
| YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php. | |||||
| CVE-2022-32302 | 1 Theme Park Ticketing System Project | 1 Theme Park Ticketing System | 2022-06-24 | 6.5 MEDIUM | 8.8 HIGH |
| Theme Park Ticketing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edit_ticket.php. | |||||
| CVE-2022-32301 | 1 Youdian Software | 1 Youdiancms | 2022-06-24 | 7.5 HIGH | 9.8 CRITICAL |
| YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php. | |||||
| CVE-2022-32992 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the tname parameter at /admin/operations/tax.php. | |||||
| CVE-2022-32991 | 1 Web Based Quiz System Project | 1 Web Based Quiz System | 2022-06-24 | 6.5 MEDIUM | 8.8 HIGH |
| Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the eid parameter at welcome.php. | |||||
| CVE-2022-32375 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_timetable.php?id=. | |||||
| CVE-2022-32378 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher_profile.php?my_index=. | |||||
| CVE-2022-32377 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam_timetable.php?id=. | |||||
| CVE-2022-32376 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_events.php?event_id=. | |||||
| CVE-2022-32380 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_student_subject.php?index=. | |||||
| CVE-2022-32379 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_parents_profile.php?my_index=. | |||||
| CVE-2022-32381 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_admin_profile.php?my_index=. | |||||
| CVE-2022-2086 | 1 Bank Management System Project | 1 Bank Management System | 2022-06-23 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in SourceCodester Bank Management System 1.0. Affected by this issue is login.php. The manipulation of the argument password with the input 1'and 1=2 union select 1,sleep(10),3,4,5 --+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-32355 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/view_product&id=. | |||||
| CVE-2022-32363 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/view_category.php?id=. | |||||
| CVE-2022-32362 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_category.php?id=. | |||||
| CVE-2022-32354 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-32353 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_field_order.php?id=. | |||||
| CVE-2019-4575 | 1 Ibm | 1 Financial Transaction Manager | 2022-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 166801. | |||||
| CVE-2021-41672 | 1 Peel | 1 Peel Shopping | 2022-06-23 | 5.5 MEDIUM | 6.5 MEDIUM |
| PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrieve information from the database. | |||||
| CVE-2022-32359 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-22 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category. | |||||
| CVE-2022-32358 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-22 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_inquiry. | |||||
| CVE-2022-32366 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-22 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/view_field.php?id=. | |||||
| CVE-2022-32367 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-22 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=inquiries/view_inquiry&id=. | |||||
| CVE-2022-32337 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/patients/manage_patient.php?id=. | |||||
| CVE-2022-32364 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-22 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/manage_product&id=. | |||||
| CVE-2022-32365 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-22 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/manage_field.php?id=. | |||||
| CVE-2022-32352 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_admission. | |||||
| CVE-2022-32336 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2022-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/view_menu.php?id=. | |||||
| CVE-2022-23168 | 1 Amodat | 1 Mobile Application Gateway | 2022-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'-- | |||||
| CVE-2022-31415 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-06-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Online Fire Reporting System v1.0 was discovered to contain a SQL injection vulnerability via the GET parameter in /report/list.php. | |||||
| CVE-2022-2067 | 1 Rosariosis | 1 Rosariosis | 2022-06-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. | |||||
| CVE-2022-32334 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/manage_category.php?id=. | |||||
| CVE-2022-32335 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/manage_menu.php?id=. | |||||
