Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26268 | 1 Xiaohuanxiong Project | 1 Xiaohuanxiong | 2022-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php. | |||||
| CVE-2021-44617 | 1 Glpi-project | 1 Glpi | 2022-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated. | |||||
| CVE-2021-27472 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements. | |||||
| CVE-2021-43091 | 1 Yeswiki | 1 Yeswiki | 2022-03-29 | 5.0 MEDIUM | 7.5 HIGH |
| An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form. | |||||
| CVE-2021-27468 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | |||||
| CVE-2021-27464 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | |||||
| CVE-2022-26301 | 1 Yejiao | 1 Tuzicms | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php. | |||||
| CVE-2018-18805 | 1 Pointofsales Project | 1 Pointofsales | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb. | |||||
| CVE-2022-26285 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. | |||||
| CVE-2021-44655 | 1 Online Pre-owned\/used Car Showroom Management System Project | 1 Online Pre-owned\/used Car Showroom Management System | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to get admin access on the application. | |||||
| CVE-2021-43084 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter. | |||||
| CVE-2022-0153 | 1 Fork-cms | 1 Fork Cms | 2022-03-29 | 4.3 MEDIUM | 7.5 HIGH |
| SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1. | |||||
| CVE-2021-43700 | 1 Apimanager Project | 1 Apimanager | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ApiManager 1.1. there is sql injection vulnerability that can use in /index.php?act=api&tag=8. | |||||
| CVE-2022-26283 | 1 Simple Subscription Website Project | 1 Simple Subscription Website | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. | |||||
| CVE-2022-26284 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. | |||||
| CVE-2022-25505 | 1 Taogogo | 1 Taocms | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php. | |||||
| CVE-2021-43735 | 1 Cmswing | 1 Cmswing | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule. | |||||
| CVE-2022-25222 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in 'admin/maintenance/manage_branch.php' and 'admin/maintenance/manage_fee.php' via the 'id' parameter. | |||||
| CVE-2022-25223 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2022-03-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/view_details' via the 'id' parameter. | |||||
| CVE-2021-43650 | 1 Softwell | 1 Webrun | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL |
| WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process. | |||||