Total: 8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24121 | 2 Centos, Unifiedoffice | 2 Centos, Total Connect Now | 2022-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| SQL Injection vulnerability discovered in Unified Office Total Connect Now that would allow an attacker to extract sensitive information through a cookie parameter. | |||||
| CVE-2022-23873 | 1 Victor Cms Project | 1 Victor Cms | 2022-02-08 | 6.5 MEDIUM | 8.8 HIGH |
| Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter. | |||||
| CVE-2021-42633 | 1 Printerlogic | 1 Web Stack | 2022-02-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit records. | |||||
| CVE-2021-46459 | 1 Victor Cms Project | 1 Victor Cms | 2022-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname, user_lastname, or user_email parameters. | |||||
| CVE-2021-24919 | 1 Wickedplugins | 1 Wicked Folders | 2022-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user, leading to an SQL injection. | |||||
| CVE-2021-43509 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php. | |||||
| CVE-2021-43510 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php. | |||||
| CVE-2021-24946 | 1 Webnus | 1 Modern Events Calendar Lite | 2022-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue | |||||
| CVE-2021-24862 | 1 Metagauss | 1 Registrationmagic | 2022-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue | |||||
| CVE-2021-46385 | 1 Mingsoft | 1 Mcms | 2022-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can get sensitive information from the database. | |||||
| CVE-2021-44593 | 1 Simple College Website Project | 1 Simple College Website | 2022-02-03 | 6.8 MEDIUM | 8.1 HIGH |
| Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php. | |||||
| CVE-2022-24266 | 1 Cuppacms | 1 Cuppacms | 2022-02-03 | 7.8 HIGH | 7.5 HIGH |
| Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter. | |||||
| CVE-2022-24265 | 1 Cuppacms | 1 Cuppacms | 2022-02-03 | 7.8 HIGH | 7.5 HIGH |
| Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter. | |||||
| CVE-2022-24264 | 1 Cuppacms | 1 Cuppacms | 2022-02-03 | 7.8 HIGH | 7.5 HIGH |
| Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter. | |||||
| CVE-2021-46445 | 1 Hhg-multistore | 1 Multistore | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/categories.php?box_group_id. | |||||
| CVE-2021-46444 | 1 Hhg-multistore | 1 Multistore | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID. | |||||
| CVE-2021-46446 | 1 Hhg-multistore | 1 Multistore | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID. | |||||
| CVE-2021-46448 | 1 Hhg-multistore | 1 Multistore | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/customers.php?page=1&cID. | |||||
| CVE-2021-41609 | 1 Classapps | 1 Selectsurvey.net | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind and UNION injection. | |||||
| CVE-2021-46383 | 1 Mingsoft | 1 Mcms | 2022-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can get sensitive information from the database. | |||||
| CVE-2022-24222 | 1 Elitecms | 1 Elite Cms | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php. | |||||
| CVE-2022-24219 | 1 Elitecms | 1 Elite Cms | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php. | |||||
| CVE-2022-24220 | 1 Elitecms | 1 Elite Cms | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php. | |||||
| CVE-2022-24221 | 1 Elitecms | 1 Elite Cms | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php. | |||||
| CVE-2022-22294 | 1 Zfaka Project | 1 Zfaka | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in ZFAKA<=1.43 which an attacker can use to complete SQL injection in the foreground and add a background administrator account. | |||||
| CVE-2020-25905 | 1 Mobile Shop System Project | 1 Mobile Shop System | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php. | |||||
| CVE-2021-44249 | 1 Online Motorcycle \(bike\) Rental System Project | 1 Online Motorcycle \(bike\) Rental System | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials. | |||||
| CVE-2022-21720 | 1 Glpi-project | 1 Glpi | 2022-02-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the `Entities` update right prevents exploitation of this vulnerability. | |||||
| CVE-2021-46377 | 1 Cskaza | 1 Cszcms | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| There is a front-end SQL injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser. | |||||
| CVE-2021-46427 | 1 Simple Chatbot Application Project | 1 Simple Chatbot Application | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php. | |||||
| CVE-2022-0362 | 1 Showdoc | 1 Showdoc | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. | |||||
| CVE-2022-0332 | 1 Moodle | 1 Moodle | 2022-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data. | |||||
| CVE-2020-7500 | 1 Schneider-electric | 12 Mtn6260-0310, Mtn6260-0310 Firmware, Mtn6260-0315 and 9 more | 2022-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered. | |||||
| CVE-2021-43863 | 1 Nextcloud | 1 Nextcloud | 2022-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers `FileContentProvider` and `DiskLruImageCacheFileProvider` have security issues (an SQL injection, and an insufficient permission control, respectively) that allow malicious apps in the same device to access Nextcloud's data bypassing the permission control system. Users should upgrade to version 3.18.1 to receive a patch. There are no known workarounds aside from upgrading. | |||||
| CVE-2021-41659 | 1 Banking System Project | 1 Banking System | 2022-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field. | |||||
| CVE-2021-41660 | 1 Patient Appointment Scheduler System Project | 1 Patient Appointment Scheduler System | 2022-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password fields to login.php. | |||||
| CVE-2021-41928 | 1 Try My Recipe Project | 1 Try My Recipe | 2022-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the view_recipe page. | |||||
| CVE-2021-46200 | 1 Simple Music Cloud Community System Project | 1 Simple Music Cloud Community System | 2022-01-31 | 10.0 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Simple Music Cloud Community System 1.0 via the email parameter in /music/ajax.php. | |||||
| CVE-2021-46061 | 1 Computer And Mobile Repair Shop Management System Project | 1 Computer And Mobile Repair Shop Management System | 2022-01-28 | 10.0 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node app. | |||||
| CVE-2021-45334 | 1 Online Thesis Archiving System Project | 1 Online Thesis Archiving System | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can bypass admin authentication and gain access to the admin panel using SQL Injection. | |||||
| CVE-2021-46089 | 1 Jeecg | 1 Jeecg Boot | 2022-01-28 | 10.0 HIGH | 9.8 CRITICAL |
| In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges. | |||||
| CVE-2021-46451 | 1 Online Project Time Management System Project | 1 Online Project Time Management System | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Online Project Time Management System 1.0 via the pid parameter in the load_file function. | |||||
| CVE-2021-45802 | 1 Iresturant Project | 1 Iresturant | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration. | |||||
| CVE-2021-45803 | 1 Iresturant Project | 1 Iresturant | 2022-01-28 | 6.5 MEDIUM | 8.8 HIGH |
| MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this view parameter value is added to the SQL query without additional verification when viewing reservation. | |||||
| CVE-2021-40908 | 1 Purchase Order Management System Project | 1 Purchase Order Management System | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2021-40907 | 1 Storage Unit Rental Management System Project | 1 Storage Unit Rental Management System | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php. | |||||
| CVE-2021-40596 | 1 Online Learning System Project | 1 Online Learning System | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Login.php in sourcecodester Online Learning System v2 by oretnom23, allows attackers to execute arbitrary SQL commands via the faculty_id parameter. | |||||
| CVE-2021-25045 | 1 Asgaros | 1 Asgaros Forum | 2022-01-28 | 6.5 MEDIUM | 7.2 HIGH |
| The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue | |||||
| CVE-2021-43420 | 1 Online Payment Hub Project | 1 Online Payment Hub | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2021-41472 | 1 Simple Membership System Using Php And Ajax Project | 1 Simple Membership System Using Php And Ajax | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters. | |||||
