Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41471 | 1 South Gate Inn Online Reservation System Project | 1 South Gate Inn Online Reservation System | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters. | |||||
| CVE-2021-40909 | 1 Php Crud Without Refresh\/reload Using Ajax And Datatables Tutorial Project | 1 Php Crud Without Refresh\/reload Using Ajax And Datatables Tutorial | 2022-01-28 | 6.8 MEDIUM | 9.6 CRITICAL |
| Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud. | |||||
| CVE-2021-46309 | 1 Employee And Visitor Gate Pass Logging System Project | 1 Employee And Visitor Gate Pass Logging System | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter. | |||||
| CVE-2021-46308 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation Sysytem 1.0 via the sid parameter. | |||||
| CVE-2021-46307 | 1 Projectworlds | 1 Online Examination System | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php. | |||||
| CVE-2021-46201 | 1 Online Resort Management System Project | 1 Online Resort Management System | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameterv in /orms/ node. | |||||
| CVE-2021-46198 | 1 Courier Management System Project | 1 Courier Management System | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourceodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app. | |||||
| CVE-2021-24865 | 1 Acf-extended | 1 Advanced Custom Fields\ | 2022-01-27 | 6.5 MEDIUM | 7.2 HIGH |
| The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue | |||||
| CVE-2021-24858 | 1 Accesspressthemes | 1 Wp Cookie User Info | 2022-01-27 | 6.5 MEDIUM | 7.2 HIGH |
| The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection | |||||
| CVE-2022-23857 | 1 Navidrome | 1 Navidrome | 2022-01-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table (which contains sensitive information such as the users' encrypted passwords). | |||||
| CVE-2021-46024 | 1 Projectworlds | 1 Online-shopping-webvsite-in-php | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php, No login is required. | |||||
| CVE-2022-23365 | 1 Hms Project | 1 Hms | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php. | |||||
| CVE-2022-23364 | 1 Hms Project | 1 Hms | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php. | |||||
| CVE-2022-23363 | 1 Online Banking System Project | 1 Online Banking System | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php. | |||||
| CVE-2021-40247 | 1 Budget And Expense Tracker System Project | 1 Budget And Expense Tracker System | 2022-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field. | |||||
| CVE-2022-23314 | 1 Mingsoft | 1 Mcms | 2022-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. | |||||
| CVE-2021-40595 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2022-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php. | |||||
| CVE-2021-44245 | 1 Covid 19 Testing Management System Project | 1 Covid 19 Testing Management System | 2022-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Courcecodester COVID 19 Testing Management System (CTMS) 1.0 via the (1) username and (2) contactno parameters. | |||||
| CVE-2021-44244 | 1 Sourcecodester Logistic Hub Parcel\'s Management System Project | 1 Sourcecodester Logistic Hub Parcel\'s Management System | 2022-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php. | |||||
| CVE-2021-44092 | 1 Pharmacy Management Project | 1 Pharmacy Management | 2022-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username parameter in the administer login form. | |||||
| CVE-2021-44090 | 1 Sourcecodester Online Reviewer System Project | 1 Sourcecodester Online Reviewer System | 2022-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Online Reviewer System 1.0 via the password parameter. | |||||
| CVE-2022-0258 | 1 Pimcore | 1 Pimcore | 2022-01-25 | 6.5 MEDIUM | 8.8 HIGH |
| pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command | |||||
| CVE-2021-46204 | 1 Taogogo | 1 Taocms | 2022-01-25 | 7.5 HIGH | 9.8 CRITICAL |
| Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php. | |||||
| CVE-2021-27021 | 1 Puppet | 3 Puppet, Puppet Enterprise, Puppetdb | 2022-01-24 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. | |||||
| CVE-2021-25037 | 1 Aioseo | 1 All In One Seo | 2022-01-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords). | |||||
| CVE-2020-8435 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter. | |||||
| CVE-2021-45406 | 1 Salonerp Project | 1 Salonerp | 2022-01-21 | 6.5 MEDIUM | 8.8 HIGH |
| In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password. | |||||
| CVE-2022-21643 | 1 Useful Simple Open-source Cms Project | 1 Useful Simple Open-source Cms | 2022-01-21 | 7.5 HIGH | 9.8 CRITICAL |
| USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to upgrade as soon as possible. There are not workarounds for this issue. | |||||
| CVE-2022-21644 | 1 Useful Simple Open-source Cms Project | 1 Useful Simple Open-source Cms | 2022-01-21 | 6.5 MEDIUM | 7.2 HIGH |
| USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. There are not workarounds for this issue. | |||||
| CVE-2022-22055 | 1 Le-yan Dental Management System Project | 1 Le-yan Dental Management System | 2022-01-21 | 10.0 HIGH | 9.8 CRITICAL |
| The Le-yan dental management system contains an SQL-injection vulnerability. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to acquire administrator’s privilege and perform arbitrary operations on the system or disrupt service. | |||||
| CVE-2020-28679 | 1 Zohocorp | 1 Manageengine Applications Manager | 2022-01-19 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. | |||||
| CVE-2021-43971 | 1 Sysaid | 1 Sysaid | 2022-01-19 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter. | |||||
| CVE-2022-21666 | 1 Useful Simple Open-source Cms Project | 1 Useful Simple Open-source Cms | 2022-01-19 | 6.5 MEDIUM | 7.2 HIGH |
| Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privileges. Users should replace the file `admin/pages/useredit.php` with a newer version. USOC version Pb2.4Bfx3 contains a fixed version of `admin/pages/useredit.php`. | |||||
| CVE-2022-0224 | 1 Dolibarr | 1 Dolibarr | 2022-01-18 | 7.5 HIGH | 9.8 CRITICAL |
| dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command | |||||
| CVE-2021-24949 | 1 Posimyth | 1 The Plus Addons For Elementor | 2022-01-18 | 7.5 HIGH | 9.8 CRITICAL |
| The "WP Search Filters" widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection | |||||
| CVE-2019-12838 | 1 Schedmd | 1 Slurm | 2022-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. | |||||
| CVE-2021-25054 | 1 Wow-company | 1 Wpcalc | 2022-01-14 | 6.5 MEDIUM | 8.8 HIGH |
| The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability. | |||||
| CVE-2020-28103 | 1 Chshcms | 1 Cscms | 2022-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| cscms v4.1 allows for SQL injection via the "page_del" function. | |||||
| CVE-2020-28102 | 1 Chshcms | 1 Cscms | 2022-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| cscms v4.1 allows for SQL injection via the "js_del" function. | |||||
| CVE-2021-39978 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| Telephony application has a SQL Injection vulnerability.Successful exploitation of this vulnerability may cause privacy and security issues. | |||||
| CVE-2021-25023 | 1 Optimocha | 1 Speed Booster Pack | 2022-01-11 | 6.5 MEDIUM | 7.2 HIGH |
| The Speed Booster Pack âš¡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbp_convert_table_name parameter before using it in a SQL statement to convert the related table, leading to an SQL injection | |||||
| CVE-2021-24786 | 1 Wpchill | 1 Download Monitor | 2022-01-11 | 6.5 MEDIUM | 7.2 HIGH |
| The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue | |||||
| CVE-2021-25030 | 1 E-dynamics | 1 Events Made Easy | 2022-01-11 | 6.5 MEDIUM | 8.8 HIGH |
| The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text parameter before using it in a SQL statement via the eme_searchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call it and perform SQL injection attacks | |||||
| CVE-2021-36722 | 1 Emuse - Eservices \/ Envoice Project | 1 Emuse - Eservices \/ Envoice | 2022-01-11 | 10.0 HIGH | 9.8 CRITICAL |
| Emuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. The SQLi caused by CWE-209: Generation of Error Message Containig Sensetive Information, showing parts of the aspx code and the webroot location , information an attacker can leverage to further compromise the host. | |||||
| CVE-2021-24848 | 1 Frenify | 1 Mediamatic | 2022-01-10 | 6.5 MEDIUM | 8.8 HIGH |
| The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection | |||||
| CVE-2021-44161 | 1 Changingtec | 1 Motp | 2022-01-10 | 5.8 MEDIUM | 8.8 HIGH |
| Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication. | |||||
| CVE-2021-45814 | 1 Nettemp | 1 Nnt | 2022-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account. | |||||
| CVE-2021-24753 | 1 Starfish | 1 Rich Review | 2022-01-06 | 6.5 MEDIUM | 7.2 HIGH |
| The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue | |||||
| CVE-2020-26248 | 1 Prestashop | 1 Productcomments | 2022-01-06 | 6.4 MEDIUM | 8.2 HIGH |
| In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module. | |||||
| CVE-2021-24750 | 1 Plugins-market | 1 Wp Visitor Statistics \(real Time Traffic\) | 2022-01-05 | 6.5 MEDIUM | 8.8 HIGH |
| The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks | |||||