Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28411 | 1 Simple Real Estate Portal System Portal | 1 Simple Real Estate Portal System | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/admin/?page=agents/manage_agent. | |||||
| CVE-2022-28410 | 1 Simple Real Estate Portal System Project | 1 Simple Real Estate Portal System | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Users.php?f=delete_agent. | |||||
| CVE-2022-28028 | 1 Simple Real Estate Portal System Project | 1 Simple Real Estate Portal System | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_amenity. | |||||
| CVE-2022-28029 | 1 Simple Real Estate Portal System Project | 1 Simple Real Estate Portal System | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_type. | |||||
| CVE-2022-28030 | 1 Simple Real Estate Portal System Project | 1 Simple Real Estate Portal System | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_estate. | |||||
| CVE-2022-28026 | 1 Student Grading System Project | 1 Student Grading System | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=student_p&id=. | |||||
| CVE-2022-28024 | 1 Student Grading System Project | 1 Student Grading System | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=grade. | |||||
| CVE-2022-28025 | 1 Student Grading System Project | 1 Student Grading System | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=school_year. | |||||
| CVE-2022-28437 | 1 Baby Care System Project | 1 Baby Care System | 2022-04-27 | 7.5 HIGH | 9.8 CRITICAL |
| Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=Admin&userid=3. | |||||
| CVE-2022-28022 | 1 Purchase Order Management System Project | 1 Purchase Order Management System | 2022-04-27 | 7.5 HIGH | 9.8 CRITICAL |
| Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_item. | |||||
| CVE-2022-24231 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2022-04-27 | 10.0 HIGH | 9.8 CRITICAL |
| Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student. | |||||
| CVE-2020-12720 | 1 Vbulletin | 1 Vbulletin | 2022-04-27 | 7.5 HIGH | 9.8 CRITICAL |
| vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. | |||||
| CVE-2022-27104 | 1 Formalms | 1 Formalms | 2022-04-27 | 7.5 HIGH | 9.8 CRITICAL |
| An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3. | |||||
| CVE-2022-0785 | 1 Daily Prayer Time Project | 1 Daily Prayer Time | 2022-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection | |||||
| CVE-2020-13590 | 1 Rukovoditel | 1 Rukovoditel | 2022-04-26 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done either with administrator credentials or through cross-site request forgery. | |||||
| CVE-2020-13567 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2022-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-26631 | 1 Automatic Question Paper Generator Project | 1 Automatic Question Paper Generator | 2022-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| Automatic Question Paper Generator v1.0 contains a Time-Based Blind SQL injection vulnerability via the id GET parameter. | |||||
| CVE-2022-27908 | 1 Zohocorp | 1 Manageengine Opmanager | 2022-04-26 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. | |||||
| CVE-2021-3278 | 1 Local Services Search Engine Management System Project | 1 Local Services Search Engine Management System | 2022-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection . Using this vulnerability, an attacker can bypass the login page. | |||||
| CVE-2022-27423 | 1 Chamilo | 1 Chamilo Lms | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php. | |||||