Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1376 | 1 Deltaww | 1 Diaenergie | 2022-05-10 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_privgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-28505 | 1 Jflyfox | 1 Jfinal Cms | 2022-05-10 | 6.5 MEDIUM | 7.2 HIGH |
Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java. | |||||
CVE-2022-1375 | 1 Deltaww | 1 Diaenergie | 2022-05-10 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-1374 | 1 Deltaww | 1 Diaenergie | 2022-05-10 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-1372 | 1 Deltaww | 1 Diaenergie | 2022-05-10 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-1371 | 1 Deltaww | 1 Diaenergie | 2022-05-10 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in ReadRegf. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-1370 | 1 Deltaww | 1 Diaenergie | 2022-05-10 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-1369 | 1 Deltaww | 1 Diaenergie | 2022-05-10 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-1367 | 1 Deltaww | 1 Diaenergie | 2022-05-10 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-1366 | 1 Deltaww | 1 Diaenergie | 2022-05-10 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-29904 | 1 Mediawiki | 1 Mediawiki | 2022-05-10 | 7.5 HIGH | 9.8 CRITICAL |
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints. | |||||
CVE-2022-27466 | 1 Mingsoft | 1 Mcms | 2022-05-10 | 7.5 HIGH | 9.8 CRITICAL |
MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do. | |||||
CVE-2022-28585 | 1 Phome | 1 Empirecms | 2022-05-09 | 7.5 HIGH | 9.8 CRITICAL |
EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php. | |||||
CVE-2022-27962 | 1 Bluecms Project | 1 Bluecms | 2022-05-09 | 7.5 HIGH | 9.8 CRITICAL |
Bluecms 1.6 has a SQL injection vulnerability at cooike. | |||||
CVE-2022-0771 | 1 Marketingheroes | 1 Sitesupercharger | 2022-05-09 | 7.5 HIGH | 9.8 CRITICAL |
The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated and authenticated users), leading to unauthenticated SQL injections. | |||||
CVE-2022-0773 | 1 Documentor Project | 1 Documentor | 2022-05-09 | 7.5 HIGH | 9.8 CRITICAL |
The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is interpolated into an SQL statement and executed, leading to an SQL injection exploitable by unauthenticated users. | |||||
CVE-2022-1281 | 1 10web | 1 Photo Gallery | 2022-05-09 | 7.5 HIGH | 9.8 CRITICAL |
The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible. | |||||
CVE-2022-28060 | 1 Victor Cms Project | 1 Victor Cms | 2022-05-06 | 5.0 MEDIUM | 7.5 HIGH |
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. | |||||
CVE-2022-27299 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-05-05 | 7.5 HIGH | 9.8 CRITICAL |
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php. | |||||
CVE-2022-29419 | 1 3xsocializer Project | 1 3xsocializer | 2022-05-05 | 6.5 MEDIUM | 8.8 HIGH |
SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 for WordPress, which can be exploited by users with a low role, such as subscriber or higher. | |||||