Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29664 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/pl_save. | |||||
| CVE-2022-29663 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy. | |||||
| CVE-2022-29662 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save. | |||||
| CVE-2022-29661 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save. | |||||
| CVE-2022-29660 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del. | |||||
| CVE-2022-0781 | 1 Nirweb | 1 Nirweb Support | 2022-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection | |||||
| CVE-2021-24125 | 1 Contact Form Submissions Project | 1 Contact Form Submissions | 2022-05-27 | 6.5 MEDIUM | 7.2 HIGH |
| Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+) | |||||
| CVE-2022-26632 | 1 Multi-vendor Online Groceries Management System Project | 1 Multi-vendor Online Groceries Management System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php. | |||||
| CVE-2022-26633 | 1 Simple Student Quarterly Result\/grade System Project | 1 Simple Student Quarterly Result\/grade System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php. | |||||
| CVE-2022-28531 | 1 Covid-19 Directory On Vaccination System Project | 1 Covid-19 Directory On Vaccination System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field. | |||||
| CVE-2022-30886 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php. | |||||
| CVE-2022-30518 | 1 Chatbot Application With A Suggestion Feature Project | 1 Chatbot Application With A Suggestion Feature | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simple_chat_bot/admin/responses/view_response.php. | |||||
| CVE-2022-28105 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php. | |||||
| CVE-2022-28961 | 1 Spip | 1 Spip | 2022-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters. | |||||
| CVE-2022-24391 | 1 Fidelissecurity | 2 Deception, Network | 2022-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | |||||
| CVE-2020-3937 | 1 Sysjust | 1 Syuan-gu-da-shin | 2022-05-25 | 5.0 MEDIUM | 7.5 HIGH |
| SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database. | |||||
| CVE-2022-30054 | 1 Covid 19 Travel Pass Management Project | 1 Covid 19 Travel Pass Management | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks. | |||||
| CVE-2022-30053 | 1 Toll Tax Management System Project | 1 Toll Tax Management System | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| In Toll Tax Management System 1.0, the id parameter appears to be vulnerable to SQL injection attacks. | |||||
| CVE-2022-30052 | 1 Home Clean Service System Project | 1 Home Clean Service System | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks. | |||||
| CVE-2022-1182 | 1 Visual Slide Box Builder Project | 1 Visual Slide Box Builder | 2022-05-25 | 6.5 MEDIUM | 8.8 HIGH |
| The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injections | |||||