Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44088 | 1 Attendance And Payroll System Project | 1 Attendance And Payroll System | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters. | |||||
| CVE-2021-45794 | 1 Slims | 1 Senayan Library Management System | 2022-03-23 | 5.0 MEDIUM | 7.5 HIGH |
| Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained. | |||||
| CVE-2021-45793 | 1 Slims | 1 Senayan Library Management System | 2022-03-23 | 5.0 MEDIUM | 7.5 HIGH |
| Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. | |||||
| CVE-2021-45791 | 1 Slims | 1 Senayan Library Management System | 2022-03-23 | 6.5 MEDIUM | 8.8 HIGH |
| Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users. | |||||
| CVE-2022-25494 | 1 Online Banking System Project | 1 Online Banking System | 2022-03-23 | 7.5 HIGH | 9.8 CRITICAL |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php. | |||||
| CVE-2022-25488 | 1 Thedigitalcraft | 1 Atomcms | 2022-03-23 | 7.5 HIGH | 9.8 CRITICAL |
| Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php. | |||||
| CVE-2022-25506 | 1 Freetakserver-ui Project | 1 Freetakserver-ui | 2022-03-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser. | |||||
| CVE-2022-0478 | 1 Mage-people | 1 Event Manager And Tickets Selling For Woocommerce | 2022-03-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks | |||||
| CVE-2022-0254 | 1 Highfivery | 1 Zero-spam | 2022-03-21 | 7.5 HIGH | 9.8 CRITICAL |
| The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection | |||||
| CVE-2022-0658 | 1 Wielebenwir | 1 Commonsbooking | 2022-03-21 | 7.5 HIGH | 9.8 CRITICAL |
| The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection | |||||
| CVE-2022-22735 | 1 Sedlex | 1 Simple Quotation | 2022-03-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber to perform SQL injection attacks | |||||
| CVE-2022-0169 | 1 10web | 1 Photo Gallery | 2022-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection | |||||
| CVE-2021-25007 | 1 Molie Instructure Canvas Linking Tool Project | 1 Molie Instructure Canvas Linking Tool | 2022-03-19 | 7.5 HIGH | 9.8 CRITICAL |
| The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using in a SQL statement, leading to an SQL Injection | |||||
| CVE-2021-24959 | 1 Techspawn | 1 Wp-email-users | 2022-03-19 | 6.5 MEDIUM | 8.8 HIGH |
| The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks. | |||||
| CVE-2021-24762 | 1 Getperfectsurvey | 1 Perfect Survey | 2022-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection. | |||||
| CVE-2021-25076 | 1 Wedevs | 1 Wp User Frontend | 2022-03-18 | 6.5 MEDIUM | 8.8 HIGH |
| The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting | |||||
| CVE-2021-32474 | 1 Moodle | 1 Moodle | 2022-03-18 | 6.5 MEDIUM | 7.2 HIGH |
| An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. | |||||
| CVE-2022-24607 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php. | |||||
| CVE-2022-24606 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php. | |||||
| CVE-2022-24605 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php. | |||||