Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-23314 | 1 Mingsoft | 1 Mcms | 2022-01-26 | 7.5 HIGH | 9.8 CRITICAL |
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. | |||||
CVE-2021-40595 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2022-01-26 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php. | |||||
CVE-2021-44245 | 1 Covid 19 Testing Management System Project | 1 Covid 19 Testing Management System | 2022-01-26 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester COVID 19 Testing Management System (CTMS) 1.0 via the (1) username and (2) contactno parameters. | |||||
CVE-2021-44244 | 1 Sourcecodester Logistic Hub Parcel's Management System Project | 1 Sourcecodester Logistic Hub Parcel's Management System | 2022-01-26 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php. | |||||
CVE-2021-44092 | 1 Pharmacy Management Project | 1 Pharmacy Management | 2022-01-26 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username parameter in the administer login form. | |||||
CVE-2021-44090 | 1 Sourcecodester Online Reviewer System Project | 1 Sourcecodester Online Reviewer System | 2022-01-26 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Online Reviewer System 1.0 via the password parameter. | |||||
CVE-2022-0258 | 1 Pimcore | 1 Pimcore | 2022-01-25 | 6.5 MEDIUM | 8.8 HIGH |
Pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command. | |||||
CVE-2021-46204 | 1 Taogogo | 1 Taocms | 2022-01-25 | 7.5 HIGH | 9.8 CRITICAL |
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php. | |||||
CVE-2021-27021 | 1 Puppet | 3 Puppet, Puppet Enterprise, Puppetdb | 2022-01-24 | 6.5 MEDIUM | 8.8 HIGH |
A flaw was discovered in Puppet DB. This flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. | |||||
CVE-2021-25037 | 1 Aioseo | 1 All In One Seo | 2022-01-24 | 4.0 MEDIUM | 6.5 MEDIUM |
The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords). | |||||
CVE-2020-8435 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 5.5 MEDIUM | 8.1 HIGH |
An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter. | |||||
CVE-2021-45406 | 1 Salonerp Project | 1 Salonerp | 2022-01-21 | 6.5 MEDIUM | 8.8 HIGH |
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject a payload using the 'sql' parameter in a SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password. | |||||
CVE-2022-21643 | 1 Useful Simple Open-source Cms Project | 1 Useful Simple Open-source Cms | 2022-01-21 | 7.5 HIGH | 9.8 CRITICAL |
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular, usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a SQL statement. Users are advised to upgrade as soon as possible. There are no workarounds for this issue. | |||||
CVE-2022-21644 | 1 Useful Simple Open-source Cms Project | 1 Useful Simple Open-source Cms | 2022-01-21 | 6.5 MEDIUM | 7.2 HIGH |
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. Search terms provided by the user were not sanitized and were used directly to construct a SQL statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. There are no workarounds for this issue. | |||||
CVE-2022-22055 | 1 Le-yan Dental Management System Project | 1 Le-yan Dental Management System | 2022-01-20 | 10.0 HIGH | 9.8 CRITICAL |
The Le-yan dental management system contains an SQL-injection vulnerability. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to acquire administrator’s privilege and perform arbitrary operations on the system or disrupt service. | |||||
CVE-2020-28679 | 1 Zohocorp | 1 Manageengine Applications Manager | 2022-01-19 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. | |||||
CVE-2021-43971 | 1 Sysaid | 1 Sysaid | 2022-01-19 | 6.5 MEDIUM | 8.8 HIGH |
A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter. | |||||
CVE-2022-21666 | 1 Useful Simple Open-source Cms Project | 1 Useful Simple Open-source Cms | 2022-01-19 | 6.5 MEDIUM | 7.2 HIGH |
Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed SQL injection in usersearch.php only for users with administrative privileges. Users should replace the file `admin/pages/useredit.php` with a newer version. USOC version Pb2.4Bfx3 contains a fixed version of `admin/pages/useredit.php`. | |||||
CVE-2021-24949 | 1 Posimyth | 1 The Plus Addons For Elementor | 2022-01-18 | 7.5 HIGH | 9.8 CRITICAL |
The "WP Search Filters" widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection. | |||||
CVE-2021-25054 | 1 Wow-company | 1 Wpcalc | 2022-01-14 | 6.5 MEDIUM | 8.8 HIGH |
The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability. |