Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27175 | 1 Deltaww | 1 Diaenergie | 2022-04-01 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-1064 | 1 Fork-cms | 1 Fork Cms | 2022-03-31 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1. | |||||
CVE-2022-23882 | 1 Tuzicms | 1 Tuzicms | 2022-03-31 | 7.5 HIGH | 9.8 CRITICAL |
TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\BannerController.class.php. | |||||
CVE-2022-0983 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2022-03-30 | 6.5 MEDIUM | 8.8 HIGH |
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default. | |||||
CVE-2021-26599 | 1 Impresscms | 1 Impresscms | 2022-03-30 | 7.5 HIGH | 9.8 CRITICAL |
ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection. | |||||
CVE-2022-26268 | 1 Xiaohuanxiong Project | 1 Xiaohuanxiong | 2022-03-30 | 7.5 HIGH | 9.8 CRITICAL |
Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php. | |||||
CVE-2021-44617 | 1 Glpi-project | 1 Glpi | 2022-03-30 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection vulnerability exists in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated. | |||||
CVE-2021-29099 | 1 Esri | 1 Arcgis Server | 2022-03-30 | 5.0 MEDIUM | 5.3 MEDIUM |
A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and earlier. Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets). Web Services that use file based data sources (file Geodatabase or Shape Files or tile cached services) are unaffected by this issue. | |||||
CVE-2021-29114 | 1 Esri | 1 Arcgis Server | 2022-03-30 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries. | |||||
CVE-2021-27472 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements. | |||||
CVE-2021-43091 | 1 Yeswiki | 1 Yeswiki | 2022-03-29 | 5.0 MEDIUM | 7.5 HIGH |
An SQL Injection vulnerability exists in Yeswiki doryphore 20211012 via the email parameter in the registration form. | |||||
CVE-2021-27468 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | |||||
CVE-2021-27464 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | |||||
CVE-2022-26301 | 1 Yejiao | 1 Tuzicms | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php. | |||||
CVE-2018-18805 | 1 Pointofsales Project | 1 Pointofsales | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb. | |||||
CVE-2022-26285 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. | |||||
CVE-2021-44655 | 1 Online Pre-owned/used Car Showroom Management System Project | 1 Online Pre-owned/used Car Showroom Management System | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to a SQL injection vulnerability in the login form, allowing an attacker to get admin access on the application. | |||||
CVE-2021-44653 | 1 Online Magazine Management System Project | 1 Online Magazine Management System | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to a SQL injection vulnerability in the login form, allowing an attacker to gain access as admin to the application. | |||||
CVE-2021-43084 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter. | |||||
CVE-2022-0153 | 1 Fork-cms | 1 Fork Cms | 2022-03-29 | 4.3 MEDIUM | 7.5 HIGH |
SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1. |