Total
14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-27472 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements. | |||||
CVE-2021-43091 | 1 Yeswiki | 1 Yeswiki | 2022-03-29 | 5.0 MEDIUM | 7.5 HIGH |
An SQL Injection vulnerability exists in Yeswiki doryphore 20211012 via the email parameter in the registration form. | |||||
CVE-2021-27468 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | |||||
CVE-2021-27464 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | |||||
CVE-2022-26301 | 1 Yejiao | 1 Tuzicms | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php. | |||||
CVE-2018-18805 | 1 Pointofsales Project | 1 Pointofsales | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb. | |||||
CVE-2022-26285 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. | |||||
CVE-2021-44655 | 1 Online Pre-owned/used Car Showroom Management System Project | 1 Online Pre-owned/used Car Showroom Management System | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to a SQL injection vulnerability in the login form, allowing an attacker to get admin access on the application. | |||||
CVE-2022-0153 | 1 Fork-cms | 1 Fork Cms | 2022-03-29 | 4.3 MEDIUM | 7.5 HIGH |
SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1. | |||||
CVE-2021-43700 | 1 Apimanager Project | 1 Apimanager | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in ApiManager 1.1. There is a SQL injection vulnerability that can be used in /index.php?act=api&tag=8. | |||||
CVE-2022-26284 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. | |||||
CVE-2022-25505 | 1 Taogogo | 1 Taocms | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php. | |||||
CVE-2021-43735 | 1 Cmswing | 1 Cmswing | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule. | |||||
CVE-2022-25222 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in 'admin/maintenance/manage_branch.php' and 'admin/maintenance/manage_fee.php' via the 'id' parameter. | |||||
CVE-2022-25223 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2022-03-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/view_details' via the 'id' parameter. | |||||
CVE-2021-43650 | 1 Softwell | 1 Webrun | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL |
WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process. | |||||
CVE-2022-0386 | 1 Sophos | 1 Unified Threat Management | 2022-03-28 | 6.5 MEDIUM | 8.8 HIGH |
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. | |||||
CVE-2022-0747 | 1 Quantumcloud | 1 Infographic Maker | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL |
The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection. | |||||
CVE-2022-0760 | 1 Quantumcloud | 1 Simple Link Directory | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL |
The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection. | |||||
CVE-2022-0739 | 1 Reputeinfosystems | 1 Bookingpress | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL |
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection. |