Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15363 | 1 Nexos Project | 1 Nexos | 2022-07-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection. | |||||
| CVE-2019-5110 | 1 Formalms | 1 Formalms | 2022-07-17 | 6.5 MEDIUM | 8.8 HIGH |
| Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. | |||||
| CVE-2019-5109 | 1 Formalms | 1 Formalms | 2022-07-17 | 6.5 MEDIUM | 8.8 HIGH |
| Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. | |||||
| CVE-2019-5121 | 1 Youphptube | 1 Youphptube | 2022-07-17 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter uuid in /objects/pluginSwitch.json.php | |||||
| CVE-2019-5120 | 1 Youphptube | 1 Youphptube | 2022-07-17 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system. | |||||
| CVE-2019-5119 | 1 Youphptube | 1 Youphptube | 2022-07-17 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system. | |||||
| CVE-2019-5111 | 1 Formalms | 1 Formalms | 2022-07-17 | 6.5 MEDIUM | 8.8 HIGH |
| Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_cat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. | |||||
| CVE-2019-5112 | 1 Formalms | 1 Formalms | 2022-07-17 | 6.5 MEDIUM | 8.8 HIGH |
| Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_status was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. | |||||
| CVE-2022-22463 | 1 Ibm | 1 Security Verify Access | 2022-07-16 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079. | |||||
| CVE-2022-1057 | 1 Varktech | 1 Pricing Deals For Woocommerce | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection. | |||||
| CVE-2021-35283 | 1 Atoms183 Cms Project | 1 Atoms183 Cms | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, allows attackers to execute arbitrary commands via the Name, Fname, and ID parameters to search.php. | |||||
| CVE-2022-31058 | 1 Enalean | 1 Tuleap | 2022-07-15 | 6.5 MEDIUM | 7.2 HIGH |
| Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95, Tuleap does not properly sanitize user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create a new tracker can execute arbitrary SQL queries. Users are advised to upgrade. There is no known workaround for this issue. | |||||
| CVE-2022-32055 | 1 Nesote | 1 Inout Homestay | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals. | |||||
| CVE-2022-32056 | 1 Online Accreditation Management System Project | 1 Online Accreditation Management System | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php. | |||||
| CVE-2022-30619 | 1 Agilepoint | 1 Agilepoint Nx | 2022-07-14 | 6.5 MEDIUM | 8.8 HIGH |
| Editable SQL queries behind Base64 encoding are sent from the client side to the server side for a particular API used in the legacy Work Center module. The attack is available to any authenticated user, in any kind of rule, under the function /AgilePointServer/Extension/FetchUsingEncodedData in the parameter EncodedData. | |||||
| CVE-2022-26348 | 1 Gallagher | 1 Command Centre | 2022-07-14 | 2.1 LOW | 5.5 MEDIUM |
| Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions. | |||||
| CVE-2022-34877 | 1 Vicidial | 1 Vicidial | 2022-07-13 | 9.0 HIGH | 8.8 HIGH |
| SQL Injection vulnerability in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. | |||||
| CVE-2022-34878 | 1 Vicidial | 1 Vicidial | 2022-07-13 | 9.0 HIGH | 8.8 HIGH |
| SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. | |||||
| CVE-2022-34876 | 1 Vicidial | 1 Vicidial | 2022-07-13 | 8.5 HIGH | 8.8 HIGH |
| SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. | |||||
| CVE-2022-34972 | 1 So Filter Shop By Project | 1 So Filter Shop By | 2022-07-13 | 7.5 HIGH | 9.8 CRITICAL |
| So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id, manu_value_id, opt_value_id, and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data. | |||||
