Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37199 | 1 Jflyfox | 1 Jfinal Cms | 2022-08-25 | N/A | 9.8 CRITICAL |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list. | |||||
| CVE-2022-35148 | 1 Maccms | 1 Maccms | 2022-08-24 | N/A | 6.5 MEDIUM |
| maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html. | |||||
| CVE-2022-33148 | 1 Wwbn | 1 Avideo | 2022-08-24 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the Live Schedules plugin, allowing an attacker to inject SQL by manipulating the title parameter. | |||||
| CVE-2022-33147 | 1 Wwbn | 1 Avideo | 2022-08-24 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the aVideoEncoder functionality which can be used to add new videos, allowing an attacker to inject SQL by manipulating the videoDownloadedLink or duration parameter. | |||||
| CVE-2022-33149 | 1 Wwbn | 1 Avideo | 2022-08-24 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the CloneSite plugin, allowing an attacker to inject SQL by manipulating the url parameter. | |||||
| CVE-2022-34652 | 1 Wwbn | 1 Avideo | 2022-08-24 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the Live Schedules plugin, allowing an attacker to inject SQL by manipulating the description parameter. | |||||
| CVE-2022-2842 | 1 Gym Management System Project | 1 Gym Management System | 2022-08-24 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument user_email leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-206451. | |||||
| CVE-2022-37112 | 1 Bluecms Project | 1 Bluecms | 2022-08-24 | N/A | 9.8 CRITICAL |
| BlueCMS 1.6 has SQL injection in line 55 of admin/model.php. | |||||
| CVE-2022-37113 | 1 Bluecms Project | 1 Bluecms | 2022-08-24 | N/A | 9.8 CRITICAL |
| BlueCMS 1.6 has SQL injection in line 132 of admin/area.php. | |||||
| CVE-2022-37111 | 1 Bluecms Project | 1 Bluecms | 2022-08-24 | N/A | 9.8 CRITICAL |
| BlueCMS 1.6 has SQL injection in line 132 of admin/article.php. | |||||
| CVE-2022-36030 | 1 Project-nexus Project | 1 Project-nexus | 2022-08-23 | N/A | 9.8 CRITICAL |
| Project-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sanitization of user input. This issue has not yet been patched. Users are advised to restrict user input and to upgrade when a new release becomes available. | |||||
| CVE-2022-2593 | 1 Deliciousbrains | 1 Better Search Replace | 2022-08-23 | N/A | 7.2 HIGH |
| The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks. | |||||
| CVE-2022-36606 | 1 Yimihome | 1 Ywoa | 2022-08-23 | N/A | 9.8 CRITICAL |
| Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database. | |||||
| CVE-2022-36605 | 1 Yimihome | 1 Ywoa | 2022-08-23 | N/A | 9.8 CRITICAL |
| Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter. | |||||
| CVE-2022-36578 | 1 Jizhicms | 1 Jizhicms | 2022-08-22 | N/A | 9.8 CRITICAL |
| jizhicms v2.3.1 has SQL injection in the background. | |||||
| CVE-2022-36729 | 1 Library Management System Project | 1 Library Management System | 2022-08-22 | N/A | 9.8 CRITICAL |
| Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /librarian/del.php. | |||||
| CVE-2022-36728 | 1 Library Management System Project | 1 Library Management System | 2022-08-22 | 7.5 HIGH | 9.8 CRITICAL |
| Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php. | |||||
| CVE-2022-36727 | 1 Library Management System Project | 1 Library Management System | 2022-08-22 | N/A | 9.8 CRITICAL |
| Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /staff/delete.php. | |||||
| CVE-2022-25228 | 1 Auieo | 1 Candidats | 2022-08-19 | N/A | 6.5 MEDIUM |
| CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID' parameter, in '/index.php?m=joborders&a=show' via the 'jobOrderID' parameter and in '/index.php?m=companies&a=show' via the 'companyID' parameter. | |||||
| CVE-2022-35154 | 1 Shopro | 1 Mall System | 2022-08-19 | N/A | 9.8 CRITICAL |
| Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter. | |||||
