Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22280 | 1 Sonicwall | 2 Analytics, Global Management System | 2022-08-08 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions. | |||||
| CVE-2020-13566 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2022-08-06 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/edit_group.php, when the POST parameter action is “Delete”, the POST parameter delete_group leads to a SQL injection. | |||||
| CVE-2020-13568 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2022-08-06 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is “Submit”, the POST parameter parent_id leads to a SQL injection. | |||||
| CVE-2022-34928 | 1 Jflyfox | 1 Jfinal Cms | 2022-08-06 | N/A | 8.8 HIGH |
| JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user. | |||||
| CVE-2020-27241 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2022-08-05 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-27240 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2022-08-05 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2022-34953 | 1 Phptpoint | 1 Pharmacy Management System | 2022-08-05 | N/A | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getOrderReport.php. | |||||
| CVE-2022-34952 | 1 Phptpoint | 1 Pharmacy Management System | 2022-08-05 | N/A | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edituser.php. | |||||
| CVE-2022-34951 | 1 Phptpoint | 1 Pharmacy Management System | 2022-08-05 | N/A | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php. | |||||
| CVE-2022-34945 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2022-08-04 | N/A | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php. | |||||
| CVE-2022-34948 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2022-08-04 | N/A | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editbrand.php. | |||||
| CVE-2022-34946 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2022-08-04 | N/A | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php. | |||||
| CVE-2022-34947 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2022-08-04 | N/A | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editcategory.php. | |||||
| CVE-2022-34949 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2022-08-04 | N/A | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the email or password parameter at login.php. | |||||
| CVE-2022-34950 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2022-08-04 | N/A | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editproduct.php. | |||||
| CVE-2022-34955 | 1 Pligg | 1 Pligg Cms | 2022-08-04 | N/A | 9.8 CRITICAL |
| Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.php. | |||||
| CVE-2022-34956 | 1 Pligg | 1 Pligg Cms | 2022-08-04 | N/A | 9.8 CRITICAL |
| Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php. | |||||
| CVE-2022-35421 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2022-08-04 | N/A | 7.2 HIGH |
| Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the pname parameter at /admin/operations/packages.php. | |||||
| CVE-2022-35422 | 1 Web Based Quiz System Project | 1 Web Based Quiz System | 2022-08-04 | N/A | 9.8 CRITICAL |
| Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php. | |||||
| CVE-2022-1950 | 1 Kainelabs | 1 Youzify | 2022-08-04 | N/A | 9.8 CRITICAL |
| The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection | |||||