Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26169 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2022-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter. | |||||
| CVE-2022-25399 | 1 Simple Real Estate Portal System Project | 1 Simple Real Estate Portal System | 2022-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | |||||
| CVE-2022-25398 | 1 Auto Spare Parts Management Project | 1 Auto Spare Parts Management | 2022-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. | |||||
| CVE-2022-25396 | 1 Cosmetics And Beauty Product Online Store Project | 1 Cosmetics And Beauty Product Online Store | 2022-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. | |||||
| CVE-2022-25394 | 1 Medical Store Management System Project | 1 Medical Store Management System | 2022-03-14 | 10.0 HIGH | 9.8 CRITICAL |
| Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php. | |||||
| CVE-2022-25393 | 1 Simple Bakery Shop Management Project | 1 Simple Bakery Shop Management | 2022-03-14 | 5.0 MEDIUM | 7.5 HIGH |
| Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | |||||
| CVE-2022-0349 | 1 Wpdeveloper | 1 Notificationx | 2022-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection. | |||||
| CVE-2022-0267 | 1 Adrotate Project | 1 Adrotate | 2022-03-11 | 6.5 MEDIUM | 7.2 HIGH |
| The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection. | |||||
| CVE-2021-24952 | 1 Tatvic | 1 Conversios.io | 2022-03-11 | 6.5 MEDIUM | 8.8 HIGH |
| The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks. | |||||
| CVE-2021-24778 | 1 Wpaffiliatefeed | 1 Tradetracker-store | 2022-03-11 | 6.5 MEDIUM | 7.2 HIGH |
| The test parameter of the xmlfeed in the Tradetracker-Store WordPress plugin before 4.6.60 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | |||||
| CVE-2021-24777 | 1 Hotscot | 1 Contact Form | 2022-03-11 | 6.5 MEDIUM | 7.2 HIGH |
| The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a GET request with the sub_id parameter, which is not sanitised, escaped or validated before inserting to a SQL statement, leading to an SQL injection. | |||||
| CVE-2022-0754 | 1 Salesagility | 1 Suitecrm | 2022-03-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5. | |||||
| CVE-2022-0434 | 1 A3rev | 1 Page View Count | 2022-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks. | |||||
| CVE-2022-0420 | 1 Metagauss | 1 Registrationmagic | 2022-03-11 | 6.5 MEDIUM | 7.2 HIGH |
| The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks. | |||||
| CVE-2022-26201 | 1 Victor Cms Project | 1 Victor Cms | 2022-03-10 | 7.5 HIGH | 9.8 CRITICAL |
| Victor CMS v1.0 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2021-40635 | 1 Os4ed | 1 Opensis | 2022-03-09 | 5.0 MEDIUM | 7.5 HIGH |
| OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database. | |||||
| CVE-2021-40636 | 1 Os4ed | 1 Opensis | 2022-03-09 | 5.0 MEDIUM | 7.5 HIGH |
| OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database. | |||||
| CVE-2022-23898 | 1 Mingsoft | 1 Mcms | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. | |||||
| CVE-2022-23899 | 1 Mingsoft | 1 Mcms | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java. | |||||
| CVE-2022-25125 | 1 Mingsoft | 1 Mcms | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. | |||||
