Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-26114 | 1 Fortinet | 1 Fortiwan | 2022-04-13 | 7.5 HIGH | 9.8 CRITICAL |
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
CVE-2022-26628 | 1 Matrimony Project | 1 Matrimony | 2022-04-13 | 7.5 HIGH | 9.8 CRITICAL |
Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter. | |||||
CVE-2022-26986 | 1 Impresscms | 1 Impresscms | 2022-04-12 | 8.5 HIGH | 7.2 HIGH |
SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in an unintended way; this allows an attacker to read and modify sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to compromise the entire system. | |||||
CVE-2022-21664 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-04-12 | 6.5 MEDIUM | 8.8 HIGH |
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security releases that go back to 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. | |||||
CVE-2022-28116 | 1 Online Banking System Project | 1 Online Banking System | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | |||||
CVE-2022-28468 | 1 Payroll Management System Project | 1 Payroll Management System | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | |||||
CVE-2022-28115 | 1 Online Sports Complex Booking Project | 1 Online Sports Complex Booking | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | |||||
CVE-2022-21661 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security releases that go back to 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability. | |||||
CVE-2022-28467 | 1 Online Student Admission Project | 1 Online Student Admission | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter. | |||||
CVE-2020-27660 | 1 Synology | 1 Safeaccess | 2022-04-12 | 10.0 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter. | |||||
CVE-2022-24260 | 1 Voipmonitor | 1 Voipmonitor | 2022-04-12 | 10.0 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. | |||||
CVE-2022-25003 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/view_doctor.php. | |||||
CVE-2022-27124 | 1 Insurance Management System Project | 1 Insurance Management System | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
Insurance Management System 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | |||||
CVE-2022-27304 | 1 Student Grading System Project | 1 Student Grading System | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. | |||||
CVE-2022-27123 | 1 Employee Performance Evaluation Project | 1 Employee Performance Evaluation | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter. | |||||
CVE-2022-26585 | 1 Mingsoft | 1 Mcms | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list. | |||||
CVE-2022-0887 | 1 Cybernetikz | 1 Easy Social Icons | 2022-04-11 | 6.5 MEDIUM | 7.2 HIGH |
The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability. | |||||
CVE-2021-32957 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2022-04-11 | 5.0 MEDIUM | 7.5 HIGH |
A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking. | |||||
CVE-2021-36625 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2022-04-11 | 6.5 MEDIUM | 8.8 HIGH |
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement. | |||||
CVE-2021-32953 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2022-04-11 | 7.5 HIGH | 9.8 CRITICAL |
An attacker could utilize SQL commands to create a new user in MDT AutoSave versions prior to v6.02.06 and update the user's permissions, granting the attacker the ability to log in. |