Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23366 | 1 Hms Project | 1 Hms | 2022-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php. | |||||
| CVE-2021-24931 | 1 Ays-pro | 1 Secure Copy Content Protection And Content Locking | 2022-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection. | |||||
| CVE-2022-21176 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2022-02-26 | 5.0 MEDIUM | 7.5 HIGH |
| MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information. | |||||
| CVE-2021-44868 | 1 Mingsoft | 1 Mcms | 2022-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do | |||||
| CVE-2022-25322 | 1 Zerof | 1 Web Server | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. | |||||
| CVE-2022-22881 | 1 Jeecg | 1 Jeecg Boot | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData. | |||||
| CVE-2022-22880 | 1 Jeecg | 1 Jeecg Boot | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId. | |||||
| CVE-2022-0513 | 1 Veronalabs | 1 Wp Statistics | 2022-02-24 | 4.3 MEDIUM | 7.5 HIGH |
| The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.4. This requires the "Record Exclusions" option to be enabled on the vulnerable site. | |||||
| CVE-2021-3242 | 1 Duxcms Project | 1 Duxcms | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=. | |||||
| CVE-2021-4134 | 1 Radykal | 1 Fancy Product Designer | 2022-02-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Fancy Product Designer WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the ID parameter found in the ~/inc/api/class-view.php file which allows attackers with administrative level permissions to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 4.7.4. | |||||
| CVE-2022-23358 | 1 Easycms | 1 Easycms | 2022-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement. | |||||
| CVE-2021-25109 | 1 Futuriowp | 1 Futurio Extra | 2022-02-22 | 4.0 MEDIUM | 2.7 LOW |
| The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link. | |||||
| CVE-2022-0190 | 1 Acnam | 1 Ad Invalid Click Protector | 2022-02-22 | 6.5 MEDIUM | 8.8 HIGH |
| The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action. | |||||
| CVE-2022-22295 | 1 Metinfo | 1 Metinfo | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter. | |||||
| CVE-2022-23335 | 1 Metinfo | 1 Metinfo | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter. | |||||
| CVE-2022-23337 | 1 Dedecms | 1 Dedecms | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. | |||||
| CVE-2022-23336 | 1 S-cms | 1 S-cms | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter. | |||||
| CVE-2022-24223 | 1 Thedigitalcraft | 1 Atomcms | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php. | |||||
| CVE-2021-46458 | 1 Victor Cms Project | 1 Victor Cms | 2022-02-19 | 5.0 MEDIUM | 7.5 HIGH |
| Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the post_title parameter. | |||||
| CVE-2022-23046 | 1 Phpipam | 1 Phpipam | 2022-02-11 | 6.5 MEDIUM | 7.2 HIGH |
| PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php | |||||