Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25114 | 1 Strangerstudios | 1 Paid Memberships Pro | 2022-02-10 | 7.5 HIGH | 9.8 CRITICAL |
| The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection | |||||
| CVE-2022-23379 | 1 Emlog | 1 Emlog | 2022-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid(). | |||||
| CVE-2021-44866 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2022-02-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database. | |||||
| CVE-2021-44779 | 1 \[gwa\] Autoresponder Project | 1 \[gwa\] Autoresponder | 2022-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). No patched version available, plugin closed. | |||||
| CVE-2022-24121 | 2 Centos, Unifiedoffice | 2 Centos, Total Connect Now | 2022-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| SQL Injection vulnerability discovered in Unified Office Total Connect Now that would allow an attacker to extract sensitive information through a cookie parameter. | |||||
| CVE-2022-23873 | 1 Victor Cms Project | 1 Victor Cms | 2022-02-08 | 6.5 MEDIUM | 8.8 HIGH |
| Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter. | |||||
| CVE-2021-42633 | 1 Printerlogic | 1 Web Stack | 2022-02-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit records. | |||||
| CVE-2021-46459 | 1 Victor Cms Project | 1 Victor Cms | 2022-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname,user_lastname, or user_email parameters. | |||||
| CVE-2021-24919 | 1 Wickedplugins | 1 Wicked Folders | 2022-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user. leading to an SQL injection | |||||
| CVE-2021-43510 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php. | |||||
| CVE-2021-43509 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php. | |||||
| CVE-2021-24946 | 1 Webnus | 1 Modern Events Calendar Lite | 2022-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue | |||||
| CVE-2021-24862 | 1 Metagauss | 1 Registrationmagic | 2022-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue | |||||
| CVE-2021-46385 | 1 Mingsoft | 1 Mcms | 2022-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). ΒΆΒΆ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database. | |||||
| CVE-2021-44593 | 1 Simple College Website Project | 1 Simple College Website | 2022-02-03 | 6.8 MEDIUM | 8.1 HIGH |
| Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php. | |||||
| CVE-2022-24266 | 1 Cuppacms | 1 Cuppacms | 2022-02-03 | 7.8 HIGH | 7.5 HIGH |
| Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter. | |||||
| CVE-2022-24265 | 1 Cuppacms | 1 Cuppacms | 2022-02-03 | 7.8 HIGH | 7.5 HIGH |
| Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter. | |||||
| CVE-2022-24264 | 1 Cuppacms | 1 Cuppacms | 2022-02-03 | 7.8 HIGH | 7.5 HIGH |
| Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter. | |||||
| CVE-2021-46444 | 1 Hhg-multistore | 1 Multistore | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID. | |||||
| CVE-2021-46445 | 1 Hhg-multistore | 1 Multistore | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/categories.php?box_group_id. | |||||