Total
14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-46446 | 1 Hhg-multistore | 1 Multistore | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID. | |||||
CVE-2021-46448 | 1 Hhg-multistore | 1 Multistore | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/customers.php?page=1&cID. | |||||
CVE-2021-41609 | 1 Classapps | 1 Selectsurvey.net | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind and UNION injection. | |||||
CVE-2021-46383 | 1 Mingsoft | 1 Mcms | 2022-02-02 | 5.0 MEDIUM | 7.5 HIGH |
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can get sensitive information from the database. | |||||
CVE-2022-24222 | 1 Elitecms | 1 Elite Cms | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php. | |||||
CVE-2022-24219 | 1 Elitecms | 1 Elite Cms | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php. | |||||
CVE-2022-24220 | 1 Elitecms | 1 Elite Cms | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php. | |||||
CVE-2022-24221 | 1 Elitecms | 1 Elite Cms | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php. | |||||
CVE-2022-22294 | 1 Zfaka Project | 1 Zfaka | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability exists in ZFAKA<=1.43 which an attacker can use to complete SQL injection in the foreground and add a background administrator account. | |||||
CVE-2021-44249 | 1 Online Motorcycle (bike) Rental System Project | 1 Online Motorcycle (bike) Rental System | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials. | |||||
CVE-2021-46377 | 1 Cskaza | 1 Cszcms | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
There is a front-end SQL injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser. | |||||
CVE-2021-46427 | 1 Simple Chatbot Application Project | 1 Simple Chatbot Application | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php. | |||||
CVE-2022-0362 | 1 Showdoc | 1 Showdoc | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. | |||||
CVE-2022-0332 | 1 Moodle | 1 Moodle | 2022-02-01 | 7.5 HIGH | 9.8 CRITICAL |
A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data. | |||||
CVE-2020-7500 | 1 Schneider-electric | 12 Mtn6260-0310, Mtn6260-0310 Firmware, Mtn6260-0315 and 9 more | 2022-01-31 | 7.5 HIGH | 9.8 CRITICAL |
A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered. | |||||
CVE-2021-43863 | 1 Nextcloud | 1 Nextcloud | 2022-01-31 | 5.0 MEDIUM | 7.5 HIGH |
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers `FileContentProvider` and `DiskLruImageCacheFileProvider` have security issues (an SQL injection, and an insufficient permission control, respectively) that allow malicious apps in the same device to access Nextcloud's data bypassing the permission control system. Users should upgrade to version 3.18.1 to receive a patch. There are no known workarounds aside from upgrading. | |||||
CVE-2021-41659 | 1 Banking System Project | 1 Banking System | 2022-01-31 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field. | |||||
CVE-2021-41660 | 1 Patient Appointment Scheduler System Project | 1 Patient Appointment Scheduler System | 2022-01-31 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password fields to login.php. | |||||
CVE-2021-41928 | 1 Try My Recipe Project | 1 Try My Recipe | 2022-01-31 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the view_recipe page. | |||||
CVE-2021-46061 | 1 Computer And Mobile Repair Shop Management System Project | 1 Computer And Mobile Repair Shop Management System | 2022-01-28 | 10.0 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node app. |