Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24604 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php. | |||||
CVE-2022-24600 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the background through SQL injection statements. | |||||
CVE-2022-24603 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php. | |||||
CVE-2022-24602 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php. | |||||
CVE-2022-24601 | 1 Luocms Project | 1 Luocms | 2022-03-17 | 5.0 MEDIUM | 7.5 HIGH |
Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements. | |||||
CVE-2021-3935 | 4 Debian, Fedoraproject, Pgbouncer and 1 more | 4 Debian Linux, Fedora, Pgbouncer and 1 more | 2022-03-16 | 5.1 MEDIUM | 8.1 HIGH |
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1. | |||||
CVE-2013-3523 | 1 Gajennings | 1 This | 2022-03-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to op=page&id= in the URL. | |||||
CVE-2022-25225 | 1 Softinventive | 1 Network Olympus | 2022-03-15 | 6.5 MEDIUM | 7.2 HIGH |
Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue. | |||||
CVE-2021-43969 | 1 Quicklert | 1 Quicklert | 2022-03-15 | 7.8 HIGH | 6.5 MEDIUM |
The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts' login IDs and passwords) via the login.jsp uname parameter. | |||||
CVE-2022-26171 | 1 Bank Management System Project | 1 Bank Management System | 2022-03-14 | 7.5 HIGH | 9.8 CRITICAL |
Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter. | |||||
CVE-2022-26170 | 1 Simple Mobile Comparison Website Project | 1 Simple Mobile Comparison Website | 2022-03-14 | 7.5 HIGH | 9.8 CRITICAL |
Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. | |||||
CVE-2022-26169 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2022-03-14 | 7.5 HIGH | 9.8 CRITICAL |
Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter. | |||||
CVE-2022-25399 | 1 Simple Real Estate Portal System Project | 1 Simple Real Estate Portal System | 2022-03-14 | 7.5 HIGH | 9.8 CRITICAL |
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | |||||
CVE-2022-25398 | 1 Auto Spare Parts Management Project | 1 Auto Spare Parts Management | 2022-03-14 | 7.5 HIGH | 9.8 CRITICAL |
Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. | |||||
CVE-2022-25396 | 1 Cosmetics And Beauty Product Online Store Project | 1 Cosmetics And Beauty Product Online Store | 2022-03-14 | 7.5 HIGH | 9.8 CRITICAL |
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. | |||||
CVE-2022-25394 | 1 Medical Store Management System Project | 1 Medical Store Management System | 2022-03-14 | 10.0 HIGH | 9.8 CRITICAL |
Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php. | |||||
CVE-2022-25393 | 1 Simple Bakery Shop Management Project | 1 Simple Bakery Shop Management | 2022-03-14 | 5.0 MEDIUM | 7.5 HIGH |
Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | |||||
CVE-2022-0349 | 1 Wpdeveloper | 1 Notificationx | 2022-03-11 | 7.5 HIGH | 9.8 CRITICAL |
The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection. | |||||
CVE-2022-0267 | 1 Adrotate Project | 1 Adrotate | 2022-03-11 | 6.5 MEDIUM | 7.2 HIGH |
The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection. | |||||
CVE-2021-24952 | 1 Tatvic | 1 Conversios.io | 2022-03-11 | 6.5 MEDIUM | 8.8 HIGH |
The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks. |