Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29980 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-29999 | 1 Insurance Management System Project | 1 Insurance Management System | 2022-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editClient.php?client_id=. | |||||
| CVE-2022-30001 | 1 Insurance Management System Project | 1 Insurance Management System | 2022-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agent_id=. | |||||
| CVE-2022-30000 | 1 Insurance Management System Project | 1 Insurance Management System | 2022-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editPayment.php?recipt_no=. | |||||
| CVE-2022-29745 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2022-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_transaction. | |||||
| CVE-2022-29998 | 1 Insurance Management System Project | 1 Insurance Management System | 2022-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/clientStatus.php?client_id=. | |||||
| CVE-2022-29317 | 1 Simple Bus Ticket Booking System Project | 1 Simple Bus Ticket Booking System | 2022-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php. | |||||
| CVE-2022-29316 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2022-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch. | |||||
| CVE-2022-26116 | 1 Fortinet | 1 Fortinac | 2022-05-18 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters. | |||||
| CVE-2022-1453 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2022-05-18 | 5.0 MEDIUM | 7.5 HIGH |
| The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5. | |||||
| CVE-2022-1505 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2022-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6. | |||||
| CVE-2022-29656 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php. | |||||
| CVE-2021-43010 | 1 Safedog | 1 Safedog Apache | 2022-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| In Safedog Apache v4.0.30255, attackers can bypass this product for SQL injection. Attackers can bypass access to sensitive data. | |||||
| CVE-2022-30335 | 1 Wealth | 1 Bonanza Wealth Management System | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component. | |||||
| CVE-2021-43094 | 1 Openmrs | 2 Openmrs, Reference Application | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page. | |||||
| CVE-2022-28110 | 1 Hotel Management System Project | 1 Hotel Management System | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page. | |||||
| CVE-2022-27412 | 1 Exploreit | 1 Explore Cms | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request. | |||||
| CVE-2022-29535 | 1 Zohocorp | 1 Manageengine Opmanager | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. | |||||
| CVE-2022-0814 | 1 Ubigeo De Peru Para Woocommerce Project | 1 Ubigeo De Peru Para Woocommerce | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections | |||||
| CVE-2022-1013 | 1 Ays-pro | 1 Personal Dictionary | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability. | |||||