Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-24762 | 1 Getperfectsurvey | 1 Perfect Survey | 2022-03-18 | 7.5 HIGH | 9.8 CRITICAL |
The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection. | |||||
CVE-2021-25076 | 1 Wedevs | 1 Wp User Frontend | 2022-03-18 | 6.5 MEDIUM | 8.8 HIGH |
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting. | |||||
CVE-2021-32474 | 1 Moodle | 1 Moodle | 2022-03-18 | 6.5 MEDIUM | 7.2 HIGH |
An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. | |||||
CVE-2022-24607 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php. | |||||
CVE-2022-24606 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php. | |||||
CVE-2022-24605 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php. | |||||
CVE-2022-24604 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php. | |||||
CVE-2022-24600 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the background through SQL injection statements. | |||||
CVE-2022-24603 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php. | |||||
CVE-2022-24602 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php. | |||||
CVE-2022-24601 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 5.0 MEDIUM | 7.5 HIGH |
Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements. | |||||
CVE-2013-3523 | 1 Gajennings | 1 This | 2022-03-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to op=page&id= in the URL. | |||||
CVE-2022-25225 | 1 Softinventive | 1 Network Olympus | 2022-03-16 | 6.5 MEDIUM | 7.2 HIGH |
Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue. | |||||
CVE-2021-43969 | 1 Quicklert | 1 Quicklert | 2022-03-15 | 7.8 HIGH | 6.5 MEDIUM |
The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts' login IDs and passwords) via the login.jsp uname parameter. | |||||
CVE-2022-26171 | 1 Bank Management System Project | 1 Bank Management System | 2022-03-14 | 7.5 HIGH | 9.8 CRITICAL |
Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter. | |||||
CVE-2022-26170 | 1 Simple Mobile Comparison Website Project | 1 Simple Mobile Comparison Website | 2022-03-14 | 7.5 HIGH | 9.8 CRITICAL |
Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. | |||||
CVE-2022-26169 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2022-03-14 | 7.5 HIGH | 9.8 CRITICAL |
Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter. | |||||
CVE-2022-25399 | 1 Simple Real Estate Portal System Project | 1 Simple Real Estate Portal System | 2022-03-14 | 7.5 HIGH | 9.8 CRITICAL |
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | |||||
CVE-2022-25398 | 1 Auto Spare Parts Management Project | 1 Auto Spare Parts Management | 2022-03-14 | 7.5 HIGH | 9.8 CRITICAL |
Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. | |||||
CVE-2022-25396 | 1 Cosmetics And Beauty Product Online Store Project | 1 Cosmetics And Beauty Product Online Store | 2022-03-14 | 7.5 HIGH | 9.8 CRITICAL |
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. |