Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44581 | 1 Kreado | 1 Kreasfero | 2022-04-04 | 5.0 MEDIUM | 7.5 HIGH |
| An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter. | |||||
| CVE-2022-1078 | 1 College Website Management System Project | 1 College Website Management System | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admin/?page=articles/view_article/. The manipulation of the argument id with the input ' and (select * from(select(sleep(10)))Avx) and 'abc' = 'abc with an unknown input leads to sql injection. It is possible to launch the attack remotely and without authentication. | |||||
| CVE-2022-1080 | 1 One Church Management System Project | 1 One Church Management System | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php as the manipulation of the argument search2 leads to sql injection. The attack can be initiated remotely. | |||||
| CVE-2021-25068 | 1 Dpl | 1 Sync Woocommerce Product Feed To Google Shopping | 2022-04-04 | 6.5 MEDIUM | 7.2 HIGH |
| The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feed_id' POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard | |||||
| CVE-2021-25070 | 1 Stopbadbots | 1 Block And Stop Bad Bots | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue | |||||
| CVE-2022-0784 | 1 Title Experiments Free Project | 1 Title Experiments Free | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection | |||||
| CVE-2022-0787 | 1 Limit Login Attempts Project | 1 Limit Login Attempts | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections | |||||
| CVE-2022-0846 | 1 Speakout\! Email Petitions Project | 1 Speakout\! Email Petitions | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users | |||||
| CVE-2022-0479 | 1 Sygnoos | 1 Popup Builder | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site Scripting attack against a logged in admin opening a malicious link | |||||
| CVE-2021-25064 | 1 Wow-company | 1 Wow Countdowns | 2022-04-04 | 6.5 MEDIUM | 7.2 HIGH |
| The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection. | |||||
| CVE-2022-1082 | 1 Microfinance Management System Project | 1 Microfinance Management System | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been rated as critical. This issue affects the file /mims/login.php of the Login Page. The manipulation of the argument username/password with the input '||1=1# leads to sql injection. The attack may be initiated remotely. | |||||
| CVE-2021-33701 | 1 Sap | 3 Dmis, S4core, Sapscore | 2022-04-01 | 6.5 MEDIUM | 9.1 CRITICAL |
| DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability. | |||||
| CVE-2022-26059 | 1 Deltaww | 1 Diaenergie | 2022-04-01 | 10.0 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
| CVE-2022-26013 | 1 Deltaww | 1 Diaenergie | 2022-04-01 | 10.0 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
| CVE-2022-26069 | 1 Deltaww | 1 Diaenergie | 2022-04-01 | 10.0 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
| CVE-2022-25980 | 1 Deltaww | 1 Diaenergie | 2022-04-01 | 10.0 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
| CVE-2022-26667 | 1 Deltaww | 1 Diaenergie | 2022-04-01 | 10.0 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
| CVE-2022-26514 | 1 Deltaww | 1 Diaenergie | 2022-04-01 | 10.0 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
| CVE-2022-26349 | 1 Deltaww | 1 Diaenergie | 2022-04-01 | 10.0 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
| CVE-2022-26836 | 1 Deltaww | 1 Diaenergie | 2022-04-01 | 10.0 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||