Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43077 | 1 Fortinet | 1 Fortiwlm | 2022-03-09 | 6.5 MEDIUM | 8.8 HIGH |
| A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers. | |||||
| CVE-2022-23387 | 1 Taocms | 1 Taocms | 2022-03-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field. | |||||
| CVE-2022-23380 | 1 Taogogo | 1 Taocms | 2022-03-08 | 6.5 MEDIUM | 8.8 HIGH |
| There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit. | |||||
| CVE-2022-24571 | 1 Car Driving School Management System Project | 1 Car Driving School Management System | 2022-03-08 | 7.5 HIGH | 9.8 CRITICAL |
| Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use simple SQL login injection payload to get admin access. | |||||
| CVE-2022-23911 | 1 Accesspressthemes | 1 Ap Custom Testimonial | 2022-03-08 | 6.5 MEDIUM | 7.2 HIGH |
| The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection | |||||
| CVE-2022-0412 | 1 Templateinvaders | 1 Ti Woocommerce Wishlist | 2022-03-08 | 7.5 HIGH | 9.8 CRITICAL |
| The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks | |||||
| CVE-2022-0411 | 1 Asgaros | 1 Asgaros Forum | 2022-03-08 | 6.5 MEDIUM | 8.8 HIGH |
| The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection | |||||
| CVE-2022-0383 | 1 Ljapps | 1 Wp Review Slider | 2022-03-08 | 6.5 MEDIUM | 7.2 HIGH |
| The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow a high privilege users to perform SQL Injections attacks | |||||
| CVE-2022-25096 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2022-03-08 | 7.5 HIGH | 9.8 CRITICAL |
| Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php. | |||||
| CVE-2021-24704 | 1 Orange-form Project | 1 Orange-form | 2022-03-07 | 6.8 MEDIUM | 8.8 HIGH |
| In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in "admin/orange-form-email.php" performs an unprepared SQL query with an unsanitized parameter ($id). Only admin can access the page that invokes the function, but because of lack of CSRF protection, it is actually exploitable and could allow attackers to make a logged in admin delete arbitrary posts for example | |||||
| CVE-2021-24864 | 1 Wpscan | 1 Wp Cloudy | 2022-03-07 | 6.5 MEDIUM | 8.8 HIGH |
| The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the post_id parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue | |||||
| CVE-2022-25406 | 1 Tongda2000 | 1 Tongda2000 | 2022-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter. | |||||
| CVE-2022-25405 | 1 Tongda2000 | 1 Tongda2000 | 2022-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the DELETE_STR parameter. | |||||
| CVE-2022-25404 | 1 Tongda2000 | 1 Tongda2000 | 2022-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter. | |||||
| CVE-2022-25149 | 1 Veronalabs | 1 Wp Statistics | 2022-03-03 | 5.0 MEDIUM | 7.5 HIGH |
| The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. | |||||
| CVE-2022-25403 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. | |||||
| CVE-2021-44610 | 1 Bloofox | 1 Bloofoxcms | 2022-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite (5) eta_doctype. (6) meta_charset, (7) default_group, and (8) page group parameters in the settings mode in admin/index.php. | |||||
| CVE-2021-44567 | 1 Rosariosis | 1 Rosariosis | 2022-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php. | |||||
| CVE-2022-0651 | 1 Veronalabs | 1 Wp Statistics | 2022-03-03 | 5.0 MEDIUM | 7.5 HIGH |
| The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. | |||||
| CVE-2022-23986 | 1 Phpuploader Project | 1 Phpuploader | 2022-03-02 | 5.0 MEDIUM | 7.5 HIGH |
| SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated attacker to obtain the information in the database via unspecified vectors. | |||||