Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26114 | 1 Fortinet | 1 Fortiwan | 2022-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2022-26628 | 1 Matrimony Project | 1 Matrimony | 2022-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter. | |||||
| CVE-2022-28468 | 1 Payroll Management System Project | 1 Payroll Management System | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | |||||
| CVE-2022-28115 | 1 Online Sports Complex Booking Project | 1 Online Sports Complex Booking | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | |||||
| CVE-2022-28116 | 1 Online Banking System Project | 1 Online Banking System | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | |||||
| CVE-2022-28467 | 1 Online Student Admission Project | 1 Online Student Admission | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter. | |||||
| CVE-2020-27660 | 1 Synology | 1 Safeaccess | 2022-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter. | |||||
| CVE-2022-24260 | 1 Voipmonitor | 1 Voipmonitor | 2022-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. | |||||
| CVE-2022-25003 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/view_doctor.php. | |||||
| CVE-2022-27123 | 1 Employee Performance Evaluation Project | 1 Employee Performance Evaluation | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter. | |||||
| CVE-2022-27124 | 1 Insurance Management System Project | 1 Insurance Management System | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Insurance Management System 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | |||||
| CVE-2022-27304 | 1 Student Grading System Project | 1 Student Grading System | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. | |||||
| CVE-2022-26585 | 1 Mingsoft | 1 Mcms | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list. | |||||
| CVE-2022-0887 | 1 Cybernetikz | 1 Easy Social Icons | 2022-04-11 | 6.5 MEDIUM | 7.2 HIGH |
| The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability. | |||||
| CVE-2021-32957 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2022-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking. | |||||
| CVE-2021-36625 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2022-04-11 | 6.5 MEDIUM | 8.8 HIGH |
| An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement. | |||||
| CVE-2021-32953 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2022-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| An attacker could utilize SQL commands to create a new user in MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to log in. | |||||
| CVE-2021-44135 | 1 Pagekit | 1 Pagekit | 2022-04-08 | 10.0 HIGH | 9.8 CRITICAL |
| pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing. | |||||
| CVE-2021-40645 | 1 Jfinaloa Project | 1 Jfinaloa | 2022-04-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController. | |||||
| CVE-2021-43484 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-04-07 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request. | |||||
