CWE-CWE-89 CVE - OpenCVE

Filtered by CWE-89

Total 11593 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-28533	1 Medical Hub Directory Site Project	1 Medical Hub Directory Site	2022-05-11	7.5 HIGH	9.8 CRITICAL
Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Injection via /mhds/clinic/view_details.php.
CVE-2022-27431	1 Wuzhicms	1 Wuzhi Cms	2022-05-11	7.5 HIGH	9.8 CRITICAL
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.
CVE-2022-27420	1 Hospital Management System Project	1 Hospital Management System	2022-05-11	7.5 HIGH	9.8 CRITICAL
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
CVE-2021-41942	1 Msvod	1 Msvod Cms	2022-05-11	5.0 MEDIUM	7.5 HIGH
The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database.
CVE-2022-1378	1 Deltaww	1 Diaenergie	2022-05-11	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1377	1 Deltaww	1 Diaenergie	2022-05-11	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1376	1 Deltaww	1 Diaenergie	2022-05-10	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_privgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-28505	1 Jflyfox	1 Jfinal Cms	2022-05-10	6.5 MEDIUM	7.2 HIGH
Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java.
CVE-2022-1375	1 Deltaww	1 Diaenergie	2022-05-10	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1374	1 Deltaww	1 Diaenergie	2022-05-10	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1372	1 Deltaww	1 Diaenergie	2022-05-10	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1371	1 Deltaww	1 Diaenergie	2022-05-10	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1370	1 Deltaww	1 Diaenergie	2022-05-10	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1369	1 Deltaww	1 Diaenergie	2022-05-10	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1367	1 Deltaww	1 Diaenergie	2022-05-10	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-1366	1 Deltaww	1 Diaenergie	2022-05-10	10.0 HIGH	9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-29904	1 Mediawiki	1 Mediawiki	2022-05-10	7.5 HIGH	9.8 CRITICAL
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.
CVE-2022-27466	1 Mingsoft	1 Mcms	2022-05-10	7.5 HIGH	9.8 CRITICAL
MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.
CVE-2022-28585	1 Phome	1 Empirecms	2022-05-09	7.5 HIGH	9.8 CRITICAL
EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php
CVE-2022-27962	1 Bluecms Project	1 Bluecms	2022-05-09	7.5 HIGH	9.8 CRITICAL
Bluecms 1.6 has a SQL injection vulnerability at cooike.

Vulnerabilities (CVE)