Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32311 | 1 Ingredient Stock Management System Project | 1 Ingredient Stock Management System | 2022-07-13 | 7.5 HIGH | 9.8 CRITICAL |
| Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php. | |||||
| CVE-2022-31856 | 1 Newsletter Module Project | 1 Newsletter Module | 2022-07-13 | 7.5 HIGH | 9.8 CRITICAL |
| Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php. | |||||
| CVE-2021-44915 | 1 Taogogo | 1 Taocms | 2022-07-13 | 6.5 MEDIUM | 7.2 HIGH |
| Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category. | |||||
| CVE-2021-38176 | 1 Sap | 4 Landscape Transformation, Landscape Transformation Replication Server, S/4hana and 1 more | 2022-07-12 | 9.0 HIGH | 8.8 HIGH |
| Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. On successful exploitation the threat actor could completely compromise confidentiality, integrity, and availability of the system. | |||||
| CVE-2021-26685 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-07-12 | 5.5 MEDIUM | 6.5 MEDIUM |
| A remote authenticated SQL Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database. | |||||
| CVE-2021-32428 | 1 Viaviweb | 1 Ebook | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to api.php. | |||||
| CVE-2022-33128 | 1 Ruijienetworks | 2 Rg-eg350, Rg-eg350 Firmware | 2022-07-11 | 6.4 MEDIUM | 9.1 CRITICAL |
| RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php. | |||||
| CVE-2022-32094 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php. | |||||
| CVE-2022-32095 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php. | |||||
| CVE-2022-31092 | 1 Pimcore | 1 Pimcore | 2022-07-08 | 6.8 MEDIUM | 8.1 HIGH |
| Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. These listing classes also allow ordering or grouping the results based on one or more columns, which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there's the theoretical possibility to inject custom SQL if the developer is using these methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the listing classes. This issue has been resolved in version 10.4.4. Users are advised to upgrade or to apply the patch manually. There are no known workarounds for this issue. | |||||
| CVE-2017-20125 | 1 Bestsoftinc | 1 Online Hotel Booking System | 2022-07-08 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Online Hotel Booking System Pro 1.2. Affected by this vulnerability is an unknown functionality of the file /roomtype-details.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-32093 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-07-08 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php. | |||||
| CVE-2017-20124 | 1 Bestsoftinc | 1 Online Hotel Booking System | 2022-07-08 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-33042 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2022-07-07 | 6.5 MEDIUM | 7.2 HIGH |
| Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/inquiries/view_details.php. | |||||
| CVE-2022-33061 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2022-07-07 | 6.5 MEDIUM | 7.2 HIGH |
| Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service. | |||||
| CVE-2022-33060 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2022-07-07 | 6.5 MEDIUM | 7.2 HIGH |
| Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. | |||||
| CVE-2022-33059 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2022-07-07 | 6.5 MEDIUM | 7.2 HIGH |
| Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_train. | |||||
| CVE-2022-33058 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2022-07-07 | 6.5 MEDIUM | 7.2 HIGH |
| Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_message. | |||||
| CVE-2022-33057 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2022-07-07 | 6.5 MEDIUM | 7.2 HIGH |
| Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation. | |||||
| CVE-2017-20103 | 1 Wp-kama | 1 Kama Click Counter | 2022-07-07 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument order_by/order with the input ASC%2c(select*from(select(sleep(2)))a) leads to sql injection (Blind). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.4.9 is able to address this issue. It is recommended to upgrade the affected component. | |||||
