Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46999 | 1 Tuzicms | 1 Tuzicms | 2023-02-01 | N/A | 9.8 CRITICAL |
| Tuzicms v2.0.6 was discovered to contain a SQL injection vulnerability via the component \App\Manage\Controller\UserController.class.php. | |||||
| CVE-2023-23331 | 1 Amano | 1 Xoffice | 2023-02-01 | N/A | 9.8 CRITICAL |
| Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injection. | |||||
| CVE-2019-20361 | 1 Icegram | 1 Email Subscribers & Newsletters | 2023-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability). | |||||
| CVE-2014-5109 | 1 Netfortris | 1 Trixbox | 2023-01-31 | 7.5 HIGH | N/A |
| SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action. | |||||
| CVE-2010-0702 | 1 Netfortris | 1 Trixbox | 2023-01-31 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2022-1691 | 1 Realtyworkstation | 1 Realty Workstation | 2023-01-31 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Realty Workstation WordPress plugin before 1.0.15 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edits a transaction, leading to an SQL injection. | |||||
| CVE-2021-37589 | 1 Virtuasoftware | 1 Cobranca | 2023-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| Virtua Cobranca before 12R allows SQL Injection on the login page. | |||||
| CVE-2018-16384 | 1 Owasp | 1 Owasp Modsecurity Core Rule Set | 2023-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed. | |||||
| CVE-2019-19650 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-01-30 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. | |||||
| CVE-2019-11821 | 1 Synology | 1 Photo Station | 2023-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL commands via the type parameter. | |||||
| CVE-2019-13413 | 1 Boiteasite | 1 Rencontre | 2023-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php. | |||||
| CVE-2022-46071 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2023-01-30 | N/A | 9.8 CRITICAL |
| There is a SQL Injection vulnerability in the Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access. | |||||
| CVE-2022-46072 | 1 Helmet Store Showroom Project | 1 Helmet Store Showroom | 2023-01-30 | N/A | 9.8 CRITICAL |
| Helmet Store Showroom v1.0 is vulnerable to unauthenticated SQL Injection. | |||||
| CVE-2018-20469 | 1 Sahipro | 1 Sahi Pro | 2023-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions. | |||||
| CVE-2022-38492 | 1 Easyvista | 1 Service Manager | 2023-01-30 | N/A | 8.8 HIGH |
| An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL injection. Version 2022.1.110.1.02 fixes the vulnerability. | |||||
| CVE-2022-38490 | 1 Easyvista | 1 Service Manager | 2023-01-30 | N/A | 8.8 HIGH |
| An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. Version 2022.1.110.1.02 corrects this issue. | |||||
| CVE-2019-19740 | 1 Octeth | 1 Oempro | 2023-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable. | |||||
| CVE-2020-13640 | 1 Gvectors | 1 Wpdiscuz | 2023-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.) | |||||
| CVE-2021-26644 | 2 Mangboard, Microsoft | 2 Mangboard Wp, Windows | 2023-01-27 | N/A | 9.8 CRITICAL |
| SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running. | |||||
| CVE-2022-48152 | 1 Remoteclinic | 1 Remote Clinic | 2023-01-27 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to execute arbitrary commands and gain sensitive information via the id parameter to /medicines/profile.php. | |||||
