Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22735 | 1 Sedlex | 1 Simple Quotation | 2022-03-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber to perform SQL injection attacks | |||||
| CVE-2022-0169 | 1 10web | 1 Photo Gallery | 2022-03-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection | |||||
| CVE-2021-25007 | 1 Molie Instructure Canvas Linking Tool Project | 1 Molie Instructure Canvas Linking Tool | 2022-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using in a SQL statement, leading to an SQL Injection | |||||
| CVE-2021-24959 | 1 Techspawn | 1 Wp-email-users | 2022-03-20 | 6.5 MEDIUM | 8.8 HIGH |
| The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks. | |||||
| CVE-2021-24762 | 1 Getperfectsurvey | 1 Perfect Survey | 2022-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection. | |||||
| CVE-2021-25076 | 1 Wedevs | 1 Wp User Frontend | 2022-03-18 | 6.5 MEDIUM | 8.8 HIGH |
| The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting | |||||
| CVE-2021-32474 | 1 Moodle | 1 Moodle | 2022-03-18 | 6.5 MEDIUM | 7.2 HIGH |
| An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. | |||||
| CVE-2022-24607 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php. | |||||
| CVE-2022-24606 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php. | |||||
| CVE-2022-24605 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php. | |||||
| CVE-2022-24604 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php. | |||||
| CVE-2022-24600 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the background through SQL injection statements. | |||||
| CVE-2022-24603 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php. | |||||
| CVE-2022-24602 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php. | |||||
| CVE-2022-24601 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 5.0 MEDIUM | 7.5 HIGH |
| Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements. | |||||
| CVE-2013-3523 | 1 Gajennings | 1 This | 2022-03-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 allows remote to execute arbitrary SQL commands via vectors related to op=page&id= in the URL. | |||||
| CVE-2022-25225 | 1 Softinventive | 1 Network Olympus | 2022-03-16 | 6.5 MEDIUM | 7.2 HIGH |
| Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue. | |||||
| CVE-2021-43969 | 1 Quicklert | 1 Quicklert | 2022-03-15 | 7.8 HIGH | 6.5 MEDIUM |
| The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts' login IDs and passwords) via the login.jsp uname parameter. | |||||
| CVE-2022-26171 | 1 Bank Management System Project | 1 Bank Management System | 2022-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter. | |||||
| CVE-2022-26170 | 1 Simple Mobile Comparison Website Project | 1 Simple Mobile Comparison Website | 2022-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. | |||||