Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26669 | 1 Asus | 1 Control Center | 2022-06-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data. | |||||
| CVE-2021-41487 | 1 Nokia | 1 Vitalsuite | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'. | |||||
| CVE-2020-35597 | 1 Victor Cms Project | 1 Victor Cms | 2022-06-27 | 6.5 MEDIUM | 8.8 HIGH |
| Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php. | |||||
| CVE-2019-5070 | 1 Epignosishq | 1 Efront Lms | 2022-06-27 | 6.4 MEDIUM | 6.5 MEDIUM |
| An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. | |||||
| CVE-2019-5122 | 1 Youphptube | 1 Youphptube | 2022-06-27 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter name in /objects/pluginSwitch.json.php. | |||||
| CVE-2019-5123 | 1 Youphptube | 1 Youphptube | 2022-06-27 | 6.5 MEDIUM | 8.8 HIGH |
| Specially crafted web requests can cause SQL injections in YouPHPTube 7.6. An attacker can send a web request with Parameter dir in /objects/pluginSwitch.json.php. | |||||
| CVE-2019-5150 | 1 Youphptube | 1 Youphptube | 2022-06-27 | 6.8 MEDIUM | 8.1 HIGH |
| An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. When the "VideoTags" plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2019-5151 | 1 Youphptube | 1 Youphptube | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-41662 | 1 South Gate Inn Online Reservation System Project | 1 South Gate Inn Online Reservation System | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload, which is caused by improper file handling in the editImg function. This vulnerability leads to remote code execution. | |||||
| CVE-2021-41661 | 1 Church Management System Project | 1 Church Management System | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| Church Management System version 1.0 is affected by a SQL anjection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell. | |||||
| CVE-2022-23169 | 1 Amodat | 1 Mobile Application Gateway | 2022-06-27 | 6.5 MEDIUM | 7.2 HIGH |
| attacker needs to craft a SQL payload. the vulnerable parameter is "agentid" must be authenticated to the admin panel. | |||||
| CVE-2021-41654 | 1 Wuzhicms | 1 Wuzhicms | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php | |||||
| CVE-2022-31908 | 1 Student Registration And Fee Payment System Project | 1 Student Registration And Fee Payment System | 2022-06-27 | 6.5 MEDIUM | 7.2 HIGH |
| Student Registration and Fee Payment System v1.0 is vulnerable to SQL Injection via /scms/student.php. | |||||
| CVE-2022-31911 | 1 Online Discussion Forum Site Project | 1 Online Discussion Forum Site | 2022-06-27 | 6.5 MEDIUM | 7.2 HIGH |
| Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via /odfs/classes/Master.php?f=delete_team. | |||||
| CVE-2022-31912 | 1 Online Tutor Portal Site Project | 1 Online Tutor Portal Site | 2022-06-27 | 6.5 MEDIUM | 7.2 HIGH |
| Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps/classes/Master.php?f=delete_team. | |||||
| CVE-2022-32370 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_classroom.php?id=. | |||||
| CVE-2022-32371 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher.php?id=. | |||||
| CVE-2022-32372 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject.php?id=. | |||||
| CVE-2022-32374 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject_routing.php?id=. | |||||
| CVE-2022-32373 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam.php?id=. | |||||