Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-0757 | 1 Rapid7 | 1 Nexpose | 2022-04-07 | 6.5 MEDIUM | 8.8 HIGH | Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129. |
| CVE-2021-43109 | 1 Puneethreddyhc Online-shopping-system Project | 1 Puneethreddyhc Online-shopping-system | 2022-04-06 | 5.0 MEDIUM | 7.5 HIGH | An SQL Injection vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 via the p parameter in product.php. |
| CVE-2021-43506 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-04-06 | 7.5 HIGH | 9.8 CRITICAL | An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php. |
| CVE-2021-24848 | 1 Frenify | 1 Mediamatic | 2022-04-05 | 6.5 MEDIUM | 8.8 HIGH | The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection. |
| CVE-2022-24124 | 1 Casbin | 1 Casdoor | 2022-04-05 | 5.0 MEDIUM | 7.5 HIGH | The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations. |
| CVE-2022-24956 | 1 Shopware | 1 B2b Suite | 2022-04-05 | 4.0 MEDIUM | 6.5 MEDIUM | An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote authenticated attacker to dump the underlying database. |
| CVE-2020-24770 | 1 Nexusphp | 1 Nexusphp | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2020-24769 | 1 Nexusphp | 1 Nexusphp | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter. |
| CVE-2022-0923 | 1 Deltaww | 1 Diaenergie | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. |
| CVE-2021-43701 | 1 Cszcms | 1 Csz Cms | 2022-04-05 | 4.0 MEDIUM | 6.5 MEDIUM | CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters. |
| CVE-2020-35848 | 1 Agentejo | 1 Cockpit | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function. |
| CVE-2020-35847 | 1 Agentejo | 1 Cockpit | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. |
| CVE-2021-40644 | 1 Oasys Project | 1 Oasys | 2022-04-05 | 4.0 MEDIUM | 6.5 MEDIUM | An SQL Injection vulnerability exists in oasys oa_system as of 9/7/2021 in resources/mappers/notice-mapper.xml. |
| CVE-2022-1083 | 1 Microfinance Management System Project | 1 Microfinance Management System | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL | A vulnerability classified as critical has been found in Microfinance Management System. The manipulation of arguments like customer_type_number/account_number/account_status_number/account_type_number with the input ' and (select * from(select(sleep(10)))Avx) and 'abc' = 'abc leads to sql injection in multiple files. It is possible to launch the attack remotely. |
| CVE-2022-26245 | 1 Open-falcon | 1 Falcon-plus | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL | Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go. |
| CVE-2022-23797 | 1 Joomla | 1 Joomla! | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering of the selected Ids on a request could result in a possible SQL injection. |
| CVE-2021-44581 | 1 Kreado | 1 Kreasfero | 2022-04-04 | 5.0 MEDIUM | 7.5 HIGH | An SQL Injection vulnerability exists in Kreado Kreasfero 1.5 via the id parameter. |
| CVE-2022-1078 | 1 College Website Management System Project | 1 College Website Management System | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL | A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admin/?page=articles/view_article/. The manipulation of the argument id with the input ' and (select * from(select(sleep(10)))Avx) and 'abc' = 'abc with an unknown input leads to sql injection. It is possible to launch the attack remotely and without authentication. |
| CVE-2022-1080 | 1 One Church Management System Project | 1 One Church Management System | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL | A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php, as the manipulation of the argument search2 leads to sql injection. The attack can be initiated remotely. |
| CVE-2021-25068 | 1 Dpl | 1 Sync Woocommerce Product Feed To Google Shopping | 2022-04-04 | 6.5 MEDIUM | 7.2 HIGH | The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feed_id' POST parameter, which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard. |
