CWE-CWE-89 CVE - OpenCVE

Filtered by CWE-89

Total 14188 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-28533	1 Medical Hub Directory Site Project	1 Medical Hub Directory Site	2022-05-11	7.5 HIGH	9.8 CRITICAL
Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Injection via /mhds/clinic/view_details.php.
CVE-2022-27420	1 Hospital Management System Project	1 Hospital Management System	2022-05-11	7.5 HIGH	9.8 CRITICAL
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
CVE-2021-41942	1 Msvod	1 Msvod Cms	2022-05-11	5.0 MEDIUM	7.5 HIGH
The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database.
CVE-2022-1378	1 Deltaww	1 Diaenergie	2022-05-11	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1377	1 Deltaww	1 Diaenergie	2022-05-11	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1376	1 Deltaww	1 Diaenergie	2022-05-10	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_privgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-28505	1 Jflyfox	1 Jfinal Cms	2022-05-10	6.5 MEDIUM	7.2 HIGH
Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java.
CVE-2022-1375	1 Deltaww	1 Diaenergie	2022-05-10	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1374	1 Deltaww	1 Diaenergie	2022-05-10	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1372	1 Deltaww	1 Diaenergie	2022-05-10	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1371	1 Deltaww	1 Diaenergie	2022-05-10	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1370	1 Deltaww	1 Diaenergie	2022-05-10	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1369	1 Deltaww	1 Diaenergie	2022-05-10	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1367	1 Deltaww	1 Diaenergie	2022-05-10	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1366	1 Deltaww	1 Diaenergie	2022-05-10	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-29904	1 Mediawiki	1 Mediawiki	2022-05-10	7.5 HIGH	9.8 CRITICAL
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.
CVE-2022-27466	1 Mingsoft	1 Mcms	2022-05-10	7.5 HIGH	9.8 CRITICAL
MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.
CVE-2022-28585	1 Phome	1 Empirecms	2022-05-09	7.5 HIGH	9.8 CRITICAL
EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php
CVE-2022-27962	1 Bluecms Project	1 Bluecms	2022-05-09	7.5 HIGH	9.8 CRITICAL
Bluecms 1.6 has a SQL injection vulnerability at cooike.
CVE-2022-0771	1 Marketingheroes	1 Sitesupercharger	2022-05-09	7.5 HIGH	9.8 CRITICAL
The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated and authenticated users), leading to Unauthenticated SQL Injections

Vulnerabilities (CVE)