Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-20131 | 1 Itechscripts | 1 News Portal Script | 2022-07-21 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Itech News Portal 6.28. It has been classified as critical. Affected is an unknown function of the file /news-portal-script/information.php. The manipulation of the argument inf leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20132 | 1 Itechscripts | 1 Multi Vendor Script | 2022-07-21 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Itech Multi Vendor Script 6.49 and classified as critical. This issue affects some unknown processing of the file /multi-vendor-shopping-script/product-list.php. The manipulation of the argument pl leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20134 | 1 Itechscripts | 1 Freelancer Script | 2022-07-21 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Itech Freelancer Script 5.13. Affected by this issue is some unknown functionality of the file /category.php. The manipulation of the argument sk leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-32246 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2022-07-20 | 4.9 MEDIUM | 4.6 MEDIUM |
| SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application | |||||
| CVE-2017-20128 | 1 Kb Messages Php Script Project | 1 Kb Messages Php Script | 2022-07-20 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in KB Messages PHP Script 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-30113 | 1 Fahou100 | 1 Electronic Mall System | 2022-07-20 | N/A | 9.8 CRITICAL |
| Electronic mall system 1.0_build20200203 is affected vulnerable to SQL Injection. | |||||
| CVE-2017-20126 | 1 Kb Affiliate Referral Script Project | 1 Kb Affiliate Referral Script | 2022-07-20 | N/A | 9.8 CRITICAL |
| A vulnerability was found in KB Affiliate Referral Script 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20127 | 1 Kb Login Authentication Script Project | 1 Kb Login Authentication Script | 2022-07-20 | N/A | 9.8 CRITICAL |
| A vulnerability was found in KB Login Authentication Script 1.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-29601 | 1 Oliverklee | 1 Seminars | 2022-07-19 | 7.5 HIGH | 9.8 CRITICAL |
| The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 allows SQL Injection. | |||||
| CVE-2022-29600 | 1 Oliverklee | 1 Oelib | 2022-07-19 | 7.5 HIGH | 9.8 CRITICAL |
| The oelib (aka One is Enough Library) extension through 4.1.5 for TYPO3 allows SQL Injection. | |||||
| CVE-2022-2263 | 1 Online Hotel Booking Project | 1 Online Hotel Booking | 2022-07-19 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability was found in Online Hotel Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file edit_room_cat.php of the component Room Handler. The manipulation of the argument roomname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2262 | 1 Online Hotel Booking Project | 1 Online Hotel Booking | 2022-07-19 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been found in Online Hotel Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file edit_all_room.php of the component Room Handler. The manipulation of the argument id with the input 2828%27%20AND%20(SELECT%203766%20FROM%20(SELECT(SLEEP(5)))BmIK)%20AND%20%27YLPl%27=%27YLPl leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2019-5117 | 1 Youphptube | 1 Youphptube | 2022-07-19 | 6.5 MEDIUM | 8.8 HIGH |
| Exploitable SQL injection vulnerabilities exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system. | |||||
| CVE-2019-5116 | 1 Youphptube | 1 Youphptube | 2022-07-19 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause a SQL injection. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system. | |||||
| CVE-2017-20138 | 1 Itechscripts | 1 Auction Script | 2022-07-19 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Itech Auction Script 6.49. It has been classified as critical. This affects an unknown part of the file /mcategory.php. The manipulation of the argument mcid with the input 4' AND 1734=1734 AND 'Ggks'='Ggks leads to sql injection (Blind). It is possible to initiate the attack remotely. | |||||
| CVE-2017-20137 | 1 Itechscripts | 1 B2b Script | 2022-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in Itech B2B Script 4.28. It has been rated as critical. This issue affects some unknown processing of the file /catcompany.php. The manipulation of the argument token with the input 704667c6a1e7ce56d3d6fa748ab6d9af3fd7' AND 6539=6539 AND 'Fakj'='Fakj leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20136 | 1 Itechscripts | 1 Classifieds Script | 2022-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability classified as critical has been found in Itech Classifieds Script 7.27. Affected is an unknown function of the file /subpage.php. The manipulation of the argument scat with the input =51' AND 4941=4941 AND 'hoCP'='hoCP leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-28623 | 3 Hp, Hpe, Redhat | 3 Hp-ux, Icewall Sso Certd, Enterprise Linux | 2022-07-18 | 7.5 HIGH | 9.8 CRITICAL |
| Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO version 10.0 certd library Patch 9 for HP-UX. | |||||
| CVE-2022-32416 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-07-18 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product. | |||||
| CVE-2022-32415 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-07-18 | 6.5 MEDIUM | 8.8 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_product&id=. | |||||