Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43010 | 1 Safedog | 1 Safedog Apache | 2022-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| In Safedog Apache v4.0.30255, attackers can bypass this product for SQL injection. Attackers can bypass access to sensitive data. | |||||
| CVE-2022-30335 | 1 Wealth | 1 Bonanza Wealth Management System | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component. | |||||
| CVE-2021-43094 | 1 Openmrs | 2 Openmrs, Reference Application | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page. | |||||
| CVE-2022-27412 | 1 Exploreit | 1 Explore Cms | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request. | |||||
| CVE-2022-29535 | 1 Zohocorp | 1 Manageengine Opmanager | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. | |||||
| CVE-2022-1013 | 1 Ays-pro | 1 Personal Dictionary | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability. | |||||
| CVE-2022-0948 | 1 Pluginbazaar | 1 Order Listener For Woocommerce | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection | |||||
| CVE-2022-0592 | 1 Mapsvg | 1 Mapsvg | 2022-05-16 | 7.5 HIGH | 9.8 CRITICAL |
| The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users. | |||||
| CVE-2022-0783 | 1 Themehigh | 1 Multiple Shipping Addresses For Woocommerce | 2022-05-16 | 7.5 HIGH | 9.8 CRITICAL |
| The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections | |||||
| CVE-2022-0826 | 1 Wp-video-gallery-free Project | 1 Wp-video-gallery-free | 2022-05-16 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users | |||||
| CVE-2022-0817 | 1 Badgeos | 1 Badgeos | 2022-05-16 | 7.5 HIGH | 9.8 CRITICAL |
| The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users | |||||
| CVE-2022-28163 | 1 Broadcom | 1 Sannav | 2022-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands. | |||||
| CVE-2020-19217 | 1 Piwigo | 1 Piwigo | 2022-05-13 | 6.5 MEDIUM | 8.8 HIGH |
| SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager. | |||||
| CVE-2020-19216 | 1 Piwigo | 1 Piwigo | 2022-05-13 | 6.5 MEDIUM | 8.8 HIGH |
| SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm. | |||||
| CVE-2020-19215 | 1 Piwigo | 1 Piwigo | 2022-05-13 | 6.5 MEDIUM | 8.8 HIGH |
| SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm. | |||||
| CVE-2020-19213 | 1 Piwigo | 1 Piwigo | 2022-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories. | |||||
| CVE-2020-19212 | 1 Piwigo | 1 Piwigo | 2022-05-13 | 4.0 MEDIUM | 4.9 MEDIUM |
| SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete. | |||||
| CVE-2021-42235 | 1 Enhancesoft | 1 Osticket | 2022-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality. | |||||
| CVE-2021-21917 | 1 Advantech | 1 R-seenet | 2022-05-13 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at '‘ord’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21916 | 1 Advantech | 1 R-seenet | 2022-05-13 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at 'description_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||