Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-24931 | 1 Ays-pro | 1 Secure Copy Content Protection And Content Locking | 2022-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection. | |||||
CVE-2022-21176 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2022-02-25 | 5.0 MEDIUM | 7.5 HIGH |
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 do not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information. | |||||
CVE-2021-44868 | 1 Mingsoft | 1 Mcms | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
A problem was found in ming-soft MCMS v5.1. There is a SQL injection vulnerability in /ms/cms/content/list.do | |||||
CVE-2021-46110 | 1 Online Shopping Portal Project | 1 Online Shopping Portal | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters. | |||||
CVE-2022-25322 | 1 Zerof | 1 Web Server | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. | |||||
CVE-2022-22881 | 1 Jeecg | 1 Jeecg Boot | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData. | |||||
CVE-2022-22880 | 1 Jeecg | 1 Jeecg Boot | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId. | |||||
CVE-2022-0513 | 1 Veronalabs | 1 Wp Statistics | 2022-02-24 | 4.3 MEDIUM | 7.5 HIGH |
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.4. This requires the "Record Exclusions" option to be enabled on the vulnerable site. | |||||
CVE-2021-3242 | 1 Duxcms Project | 1 Duxcms | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=. | |||||
CVE-2021-4134 | 1 Radykal | 1 Fancy Product Designer | 2022-02-23 | 4.0 MEDIUM | 4.9 MEDIUM |
The Fancy Product Designer WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the ID parameter found in the ~/inc/api/class-view.php file which allows attackers with administrative level permissions to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 4.7.4. | |||||
CVE-2022-23358 | 1 Easycms | 1 Easycms | 2022-02-23 | 7.5 HIGH | 9.8 CRITICAL |
EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement. | |||||
CVE-2022-24226 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-02-23 | 5.0 MEDIUM | 7.5 HIGH |
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php. | |||||
CVE-2021-25109 | 1 Futuriowp | 1 Futurio Extra | 2022-02-22 | 4.0 MEDIUM | 2.7 LOW |
The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high-privilege users to extract data from the database, as well as to perform Cross-Site Scripting (XSS) against logged-in admins by making them open a malicious link. | |||||
CVE-2022-0190 | 1 Acnam | 1 Ad Invalid Click Protector | 2022-02-22 | 6.5 MEDIUM | 8.8 HIGH |
The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action. | |||||
CVE-2022-22295 | 1 Metinfo | 1 Metinfo | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter. | |||||
CVE-2022-23335 | 1 Metinfo | 1 Metinfo | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter. | |||||
CVE-2022-23337 | 1 Dedecms | 1 Dedecms | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. | |||||
CVE-2022-23336 | 1 S-cms | 1 S-cms | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter. | |||||
CVE-2022-24223 | 1 Thedigitalcraft | 1 Atomcms | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php. | |||||
CVE-2022-23902 | 1 Tongda2000 | 1 Tongda Oa | 2022-02-18 | 7.5 HIGH | 9.8 CRITICAL |
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter. |