Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-43506 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-04-06 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php. | |||||
CVE-2021-24848 | 1 Frenify | 1 Mediamatic | 2022-04-05 | 6.5 MEDIUM | 8.8 HIGH |
The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection | |||||
CVE-2022-24124 | 1 Casbin | 1 Casdoor | 2022-04-05 | 5.0 MEDIUM | 7.5 HIGH |
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations. | |||||
CVE-2022-24956 | 1 Shopware | 1 B2b Suite | 2022-04-05 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote authenticated attacker to dump the underlying database. | |||||
CVE-2020-24770 | 1 Nexusphp | 1 Nexusphp | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2020-24769 | 1 Nexusphp | 1 Nexusphp | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter. | |||||
CVE-2022-0923 | 1 Deltaww | 1 Diaenergie | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2021-43701 | 1 Cszcms | 1 Csz Cms | 2022-04-05 | 4.0 MEDIUM | 6.5 MEDIUM |
CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters. | |||||
CVE-2020-35848 | 1 Agentejo | 1 Cockpit | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL |
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function. | |||||
CVE-2020-35847 | 1 Agentejo | 1 Cockpit | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL |
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. | |||||
CVE-2021-40644 | 1 Oasys Project | 1 Oasys | 2022-04-05 | 4.0 MEDIUM | 6.5 MEDIUM |
An SQL Injection vulnerability exists in oasys oa_system as of 9/7/2021 in resources/mappers/notice-mapper.xml. | |||||
CVE-2022-1083 | 1 Microfinance Management System Project | 1 Microfinance Management System | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability classified as critical has been found in Microfinance Management System. The manipulation of arguments like customer_type_number/account_number/account_status_number/account_type_number with the input ' and (select * from(select(sleep(10)))Avx) and 'abc' = 'abc leads to sql injection in multiple files. It is possible to launch the attack remotely. | |||||
CVE-2022-26245 | 1 Open-falcon | 1 Falcon-plus | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL |
Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go. | |||||
CVE-2022-23797 | 1 Joomla | 1 Joomla! | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering of the selected IDs in a request could result in a possible SQL injection. | |||||
CVE-2021-44581 | 1 Kreado | 1 Kreasfero | 2022-04-04 | 5.0 MEDIUM | 7.5 HIGH |
An SQL Injection vulnerability exists in Kreado Kreasfero 1.5 via the id parameter. | |||||
CVE-2022-1078 | 1 College Website Management System Project | 1 College Website Management System | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admin/?page=articles/view_article/. The manipulation of the argument id with the input ' and (select * from(select(sleep(10)))Avx) and 'abc' = 'abc with an unknown input leads to sql injection. It is possible to launch the attack remotely and without authentication. | |||||
CVE-2022-1080 | 1 One Church Management System Project | 1 One Church Management System | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php as the manipulation of the argument search2 leads to sql injection. The attack can be initiated remotely. | |||||
CVE-2021-25068 | 1 Dpl | 1 Sync Woocommerce Product Feed To Google Shopping | 2022-04-04 | 6.5 MEDIUM | 7.2 HIGH |
The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feed_id' POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard | |||||
CVE-2021-25070 | 1 Stopbadbots | 1 Block And Stop Bad Bots | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL |
The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue | |||||
CVE-2022-0784 | 1 Title Experiments Free Project | 1 Title Experiments Free | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL |
The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection |