Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29689 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del. | |||||
| CVE-2022-29685 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort. | |||||
| CVE-2022-29686 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan. | |||||
| CVE-2022-29687 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del. | |||||
| CVE-2022-29683 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/page_del. | |||||
| CVE-2022-29684 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del. | |||||
| CVE-2022-29676 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. | |||||
| CVE-2022-29670 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del. | |||||
| CVE-2022-29680 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del. | |||||
| CVE-2022-29682 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del. | |||||
| CVE-2022-29681 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del. | |||||
| CVE-2022-29667 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. This vulnerability is exploited via restoring deleted photos. | |||||
| CVE-2022-29669 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan. | |||||
| CVE-2022-29664 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/pl_save. | |||||
| CVE-2022-29666 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. | |||||
| CVE-2022-29665 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save. | |||||
| CVE-2022-29663 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy. | |||||
| CVE-2022-29662 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save. | |||||
| CVE-2022-29661 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save. | |||||
| CVE-2022-29660 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del. | |||||
| CVE-2022-0781 | 1 Nirweb | 1 Nirweb Support | 2022-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection | |||||
| CVE-2021-24125 | 1 Contact Form Submissions Project | 1 Contact Form Submissions | 2022-05-27 | 6.5 MEDIUM | 7.2 HIGH |
| Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+) | |||||
| CVE-2022-26633 | 1 Simple Student Quarterly Result\/grade System Project | 1 Simple Student Quarterly Result\/grade System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php. | |||||
| CVE-2022-26632 | 1 Multi-vendor Online Groceries Management System Project | 1 Multi-vendor Online Groceries Management System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php. | |||||
| CVE-2022-28531 | 1 Covid-19 Directory On Vaccination System Project | 1 Covid-19 Directory On Vaccination System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field. | |||||
| CVE-2022-30518 | 1 Chatbot Application With A Suggestion Feature Project | 1 Chatbot Application With A Suggestion Feature | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simple_chat_bot/admin/responses/view_response.php. | |||||
| CVE-2022-30886 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php. | |||||
| CVE-2022-28105 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php. | |||||
| CVE-2020-9402 | 3 Debian, Djangoproject, Fedoraproject | 3 Debian Linux, Django, Fedora | 2022-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL. | |||||
| CVE-2022-29304 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_ Facility. | |||||
| CVE-2022-28962 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client. | |||||
| CVE-2022-27378 | 1 Mariadb | 1 Mariadb | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | |||||
| CVE-2022-27379 | 1 Mariadb | 1 Mariadb | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | |||||
| CVE-2022-28961 | 1 Spip | 1 Spip | 2022-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters. | |||||
| CVE-2022-24391 | 1 Fidelissecurity | 2 Deception, Network | 2022-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | |||||
| CVE-2020-3937 | 1 Sysjust | 1 Syuan-gu-da-shin | 2022-05-25 | 5.0 MEDIUM | 7.5 HIGH |
| SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database. | |||||
| CVE-2022-30054 | 1 Covid 19 Travel Pass Management Project | 1 Covid 19 Travel Pass Management | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks. | |||||
| CVE-2022-30052 | 1 Home Clean Service System Project | 1 Home Clean Service System | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks. | |||||
| CVE-2022-30053 | 1 Toll Tax Management System Project | 1 Toll Tax Management System | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| In Toll Tax Management System 1.0, the id parameter appears to be vulnerable to SQL injection attacks. | |||||
| CVE-2022-1182 | 1 Visual Slide Box Builder Project | 1 Visual Slide Box Builder | 2022-05-25 | 6.5 MEDIUM | 8.8 HIGH |
| The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injections | |||||
| CVE-2022-1731 | 1 Allgeier | 1 Metasonic Doc Webclient | 2022-05-25 | 6.8 MEDIUM | 9.8 CRITICAL |
| Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist. | |||||
| CVE-2022-0867 | 1 Reputeinfosystems | 1 Pricing Table | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users | |||||
| CVE-2022-30011 | 1 Hospital Managment System Project | 1 Hospital Managment System | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability. | |||||
| CVE-2022-30765 | 1 Calibre-web Project | 1 Calibre-web | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| Calibre-Web before 0.6.18 allows user table SQL Injection. | |||||
| CVE-2022-28930 | 1 Erp-pro Project | 1 Erp-pro | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml.. | |||||
| CVE-2022-30012 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection. | |||||
| CVE-2022-24831 | 1 Openclinica | 1 Openclinica | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). Versions prior to 3.16.1 are vulnerable to SQL injection due to the use of string concatenation to create SQL queries instead of prepared statements. No known workarounds exist. This issue has been patched in 3.16.1, 3.15.9, 3.14.1, and 3.13.1 and users are advised to upgrade. | |||||
| CVE-2022-29383 | 1 Netgear | 2 Ssl312, Ssl312 Firmware | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi. | |||||
| CVE-2021-41965 | 1 Churchcrm | 1 Churchcrm | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed. | |||||
| CVE-2022-28929 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php. | |||||