Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-43700 | 1 Apimanager Project | 1 Apimanager | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in ApiManager 1.1. There is a SQL injection vulnerability that can be exploited via /index.php?act=api&tag=8.
CVE-2022-26283 | 1 Simple Subscription Website Project | 1 Simple Subscription Website | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL | Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
CVE-2022-26284 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL | Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
CVE-2022-0842 | 1 Mcafee | 1 Epolicy Orchestrator | 2022-03-29 | 4.0 MEDIUM | 4.9 MEDIUM | A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained depends on the privileges the attacker has; to obtain sensitive data the attacker would require administrator privileges.
CVE-2022-25505 | 1 Taogogo | 1 Taocms | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.
CVE-2021-43735 | 1 Cmswing | 1 Cmswing | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | CmsWing 1.3.7 is affected by a SQL injection vulnerability via the parameter: behavior rule.
CVE-2022-25222 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in 'admin/maintenance/manage_branch.php' and 'admin/maintenance/manage_fee.php' via the 'id' parameter.
CVE-2022-25223 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2022-03-28 | 4.0 MEDIUM | 4.3 MEDIUM | Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/view_details' via the 'id' parameter.
CVE-2021-43650 | 1 Softwell | 1 Webrun | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | WebRun 3.6.0.42 is vulnerable to SQL injection via the P_0 parameter used to set the username during the login process.
CVE-2022-25517 | 1 Baomidou | 1 Mybatis-plus | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | MyBatis-Plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java.
CVE-2022-0386 | 1 Sophos | 1 Unified Threat Management | 2022-03-28 | 6.5 MEDIUM | 8.8 HIGH | A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
CVE-2022-0747 | 1 Quantumcloud | 1 Infographic Maker | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection.
CVE-2022-0760 | 1 Quantumcloud | 1 Simple Link Directory | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection.
CVE-2022-0739 | 1 Reputeinfosystems | 1 Bookingpress | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user-supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection.
CVE-2022-0694 | 1 Elbtide | 1 Advanced Booking Calendar | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users), leading to an unauthenticated SQL injection.
CVE-2022-26266 | 1 Piwigo | 1 Piwigo | 2022-03-28 | 6.5 MEDIUM | 8.8 HIGH | Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php.
CVE-2021-45821 | 1 Btiteam | 1 Xbtit | 2022-03-28 | 6.5 MEDIUM | 8.8 HIGH | A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in the ajaxchat/getHistoryChatData.php file, which is accessible to a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and, in some cases, use this vulnerability to obtain remote code execution on the remote web server.
CVE-2022-26293 | 1 Online Project Time Management System Project | 1 Online Project Time Management System | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php.
CVE-2022-25607 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2022-03-25 | 6.5 MEDIUM | 7.2 HIGH | Authenticated (author or higher user role) SQL injection (SQLi) vulnerability discovered in the FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727).
CVE-2022-24752 | 1 Sylius | 1 Syliusgridbundle | 2022-03-25 | 7.5 HIGH | 9.8 CRITICAL | SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know whether this could lead to direct SQL injection but took steps to remediate the vulnerability. The issue is fixed in versions 1.10.1 and 1.11-rc2. As a workaround, overwrite the `Sylius\Component\Grid\Sorting\Sorter.php` class and register it in the container. More information about this workaround is available in the GitHub Security Advisory.