Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-45334 | 1 Online Thesis Archiving System Project | 1 Online Thesis Archiving System | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can bypass admin authentication and gain access to admin panel using SQL Injection | |||||
CVE-2021-46089 | 1 Jeecg | 1 Jeecg Boot | 2022-01-28 | 10.0 HIGH | 9.8 CRITICAL |
In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges. | |||||
CVE-2021-46451 | 1 Online Project Time Management System Project | 1 Online Project Time Management System | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Online Project Time Management System 1.0 via the pid parameter in the load_file function. | |||||
CVE-2021-45802 | 1 Iresturant Project | 1 Iresturant | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration. | |||||
CVE-2021-45803 | 1 Iresturant Project | 1 Iresturant | 2022-01-28 | 6.5 MEDIUM | 8.8 HIGH |
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this view parameter value is added to the SQL query without additional verification when viewing reservation. | |||||
CVE-2021-40908 | 1 Purchase Order Management System Project | 1 Purchase Order Management System | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. | |||||
CVE-2021-40907 | 1 Storage Unit Rental Management System Project | 1 Storage Unit Rental Management System | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php. | |||||
CVE-2021-25045 | 1 Asgaros | 1 Asgaros Forum | 2022-01-28 | 6.5 MEDIUM | 7.2 HIGH |
The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue | |||||
CVE-2021-43420 | 1 Online Payment Hub Project | 1 Online Payment Hub | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. | |||||
CVE-2021-41472 | 1 Simple Membership System Using Php And Ajax Project | 1 Simple Membership System Using Php And Ajax | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters. | |||||
CVE-2021-41471 | 1 South Gate Inn Online Reservation System Project | 1 South Gate Inn Online Reservation System | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters. | |||||
CVE-2021-40909 | 1 Php Crud Without Refresh/reload Using Ajax And Datatables Tutorial Project | 1 Php Crud Without Refresh/reload Using Ajax And Datatables Tutorial | 2022-01-28 | 6.8 MEDIUM | 9.6 CRITICAL |
Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud. | |||||
CVE-2021-46308 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation System 1.0 via the sid parameter. | |||||
CVE-2021-46307 | 1 Projectworlds | 1 Online Examination System | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php. | |||||
CVE-2021-46201 | 1 Online Resort Management System Project | 1 Online Resort Management System | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameter in /orms/ node. | |||||
CVE-2021-46198 | 1 Courier Management System Project | 1 Courier Management System | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app. | |||||
CVE-2021-24865 | 1 Acf-extended | 1 Advanced Custom Fields\ | 2022-01-27 | 6.5 MEDIUM | 7.2 HIGH |
The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue | |||||
CVE-2021-24858 | 1 Accesspressthemes | 1 Wp Cookie User Info | 2022-01-27 | 6.5 MEDIUM | 7.2 HIGH |
The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection | |||||
CVE-2022-23857 | 1 Navidrome | 1 Navidrome | 2022-01-27 | 4.0 MEDIUM | 6.5 MEDIUM |
model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table (which contains sensitive information such as the users' encrypted passwords). | |||||
CVE-2021-46024 | 1 Projectworlds | 1 Online-shopping-webvsite-in-php | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL |
Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php. No login is required. |