Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-89
Total 14188 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-32456 1 Digiwin 1 Business Process Management 2022-09-14 N/A 9.8 CRITICAL
Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify, delete database or disrupt service.
CVE-2022-38615 1 Bpcbt 1 Smartvista Front-end 2022-09-14 N/A 8.8 HIGH
SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf.
CVE-2022-38286 1 Jflyfox 1 Jfinal Cms 2022-09-13 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list.
CVE-2022-38285 1 Jflyfox 1 Jfinal Cms 2022-09-13 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list.
CVE-2022-38284 1 Jflyfox 1 Jfinal Cms 2022-09-13 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list.
CVE-2022-38283 1 Jflyfox 1 Jfinal Cms 2022-09-13 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list.
CVE-2022-38282 1 Jflyfox 1 Jfinal Cms 2022-09-13 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list.
CVE-2022-38277 1 Jflyfox 1 Jfinal Cms 2022-09-13 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list.
CVE-2022-38279 1 Jflyfox 1 Jfinal Cms 2022-09-13 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list.
CVE-2022-38278 1 Jflyfox 1 Jfinal Cms 2022-09-13 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list.
CVE-2022-38280 1 Jflyfox 1 Jfinal Cms 2022-09-13 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list.
CVE-2022-38281 1 Jflyfox 1 Jfinal Cms 2022-09-13 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list.
CVE-2022-38272 1 Jflyfox 1 Jfinal Cms 2022-09-13 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list.
CVE-2022-38273 1 Jflyfox 1 Jfinal Cms 2022-09-13 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve.
CVE-2022-38275 1 Jflyfox 1 Jfinal Cms 2022-09-13 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list.
CVE-2022-38274 1 Jflyfox 1 Jfinal Cms 2022-09-13 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list.
CVE-2022-38276 1 Jflyfox 1 Jfinal Cms 2022-09-13 N/A 7.2 HIGH
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list.
CVE-2022-3130 1 Online Driving School Project Project 1 Online Driving School Project 2022-09-12 N/A 9.8 CRITICAL
A vulnerability classified as critical has been found in codeprojects Online Driving School. This affects an unknown part of the file /login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207873 was assigned to this vulnerability.
CVE-2019-5114 1 Youphptube 1 Youphptube 2022-09-10 9.3 HIGH 9.9 CRITICAL
An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and,in certain configuration, access the underlying operating system.
CVE-2021-43481 1 Webtareas Project 1 Webtareas 2022-09-09 7.5 HIGH 9.8 CRITICAL
An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php.