Total: 8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27385 | 1 Mariadb | 1 Mariadb | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | |||||
| CVE-2022-1361 | 1 Cambiumnetworks | 1 Cnmaestro | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other users' accounts and devices. | |||||
| CVE-2022-1358 | 1 Cambiumnetworks | 1 Cnmaestro | 2022-06-06 | 5.0 MEDIUM | 7.5 HIGH |
| The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database. | |||||
| CVE-2017-4972 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Uaa Bosh, Cloud Foundry Uaa | 2022-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. An attacker can use a blind SQL injection attack to query the contents of the UAA database. | |||||
| CVE-2022-28862 | 1 Archibus | 1 Web Central | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. This is fixed in all recent versions, such as version 26.2. | |||||
| CVE-2022-1883 | 1 Camptocamp | 1 Terraboard | 2022-06-03 | 6.5 MEDIUM | 8.8 HIGH |
| SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0. | |||||
| CVE-2021-38694 | 1 Softvibe | 1 Saraban | 2022-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. | |||||
| CVE-2022-30493 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-06-03 | 10.0 HIGH | 9.8 CRITICAL |
| In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credentials and gain admin access (privilege escalation). | |||||
| CVE-2021-21465 | 1 Sap | 1 Business Warehouse | 2022-06-03 | 6.5 MEDIUM | 9.9 CRITICAL |
| The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system. | |||||
| CVE-2022-29650 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. | |||||
| CVE-2022-30516 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks. | |||||
| CVE-2022-30500 | 1 Jflyfox | 1 Jfinal Cms | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Jfinal cms 5.1.0 is vulnerable to SQL Injection. | |||||
| CVE-2022-1838 | 1 Home Clean Services Management System Project | 1 Home Clean Services Management System | 2022-06-02 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(5)))JPeh)/**/AND/**/'frfq%'='frfq leads to SQL injection. It is possible to initiate the attack remotely but it requires authentication. Exploit details have been disclosed to the public. | |||||
| CVE-2022-1839 | 1 Home Clean Services Management System Project | 1 Home Clean Services Management System | 2022-06-02 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(2)))JPeh)/**/AND/**/'frfq%'='frfq leads to SQL injection. The attack can be initiated remotely but it requires authentication. Exploit details have been disclosed to the public. | |||||
| CVE-2021-37413 | 1 Grandcom | 1 Dynweb | 2022-06-01 | 7.5 HIGH | 9.8 CRITICAL |
| GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login script does not verify and sanitize user-provided strings. | |||||
| CVE-2021-42655 | 1 Sscms | 1 Siteserver Cms | 2022-06-01 | 6.5 MEDIUM | 8.8 HIGH |
| SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. | |||||
| CVE-2022-29721 | 1 74cms | 1 74cmsse | 2022-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. | |||||
| CVE-2021-40317 | 1 Piwigo | 1 Piwigo | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter. | |||||
| CVE-2020-6125 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6126 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The course_period_id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | |||||
| CVE-2020-6124 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheckOthers.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6131 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | |||||
| CVE-2020-6130 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | |||||
| CVE-2020-6129 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | |||||
| CVE-2020-6133 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page CourseMoreInfo.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6138 | 1 Os4ed | 1 Opensis | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The uname parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6132 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6127 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6128 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. The meet_date parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6140 | 1 Os4ed | 1 Opensis | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6139 | 1 Os4ed | 1 Opensis | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The username_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6136 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6141 | 1 Os4ed | 1 Opensis | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6134 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6135 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6137 | 1 Os4ed | 1 Opensis | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21937 | 1 Advantech | 1 R-seenet | 2022-05-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2022-30838 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2022-05-30 | 7.5 HIGH | 9.8 CRITICAL |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status | |||||
| CVE-2022-29305 | 1 Imgurl Project | 1 Imgurl | 2022-05-30 | 6.8 MEDIUM | 8.1 HIGH |
| imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost. | |||||
| CVE-2022-31488 | 1 Inoutscripts | 1 Blockchain Altexchanger | 2022-05-30 | 5.0 MEDIUM | 7.5 HIGH |
| Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection. | |||||
| CVE-2022-31489 | 1 Inoutscripts | 1 Blockchain Altexchanger | 2022-05-30 | 5.0 MEDIUM | 7.5 HIGH |
| Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection. | |||||
| CVE-2022-31487 | 1 Inoutscripts | 2 Blockchain Altexchanger, Blockchain Fiatexchanger | 2022-05-30 | 5.0 MEDIUM | 7.5 HIGH |
| Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection. | |||||
| CVE-2022-1014 | 1 Wp Contacts Manager Project | 1 Wp Contacts Manager | 2022-05-30 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability. | |||||
| CVE-2022-30463 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product. | |||||
| CVE-2022-30461 | 1 Water Billing System Project | 1 Water Billing System | 2022-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id | |||||
| CVE-2022-30459 | 1 Chatbot App With Suggestion In Php\/oop Project | 1 Chatbot App With Suggestion In Php\/oop | 2022-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id. | |||||
| CVE-2022-30455 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id. | |||||
| CVE-2022-30454 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. | |||||
| CVE-2022-30843 | 1 Room Rent Portal Site Project | 1 Room Rent Portal Site | 2022-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id. | |||||
| CVE-2022-29688 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy. | |||||
