Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-34117 | 1 Seopanel | 1 Seo Panel | 2023-02-22 | N/A | 7.5 HIGH |
SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information. | |||||
CVE-2020-21119 | 1 Kliqqi | 1 Kliqqi Cms | 2023-02-22 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_module_widgets.php in recordIDValue parameter, allows attackers to gain escalated privileges and execute arbitrary code. | |||||
CVE-2022-4546 | 1 Conceptbeans | 1 Mapwiz | 2023-02-22 | N/A | 7.2 HIGH |
The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
CVE-2019-16119 | 1 10web | 1 Photo Gallery | 2023-02-22 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter. | |||||
CVE-2023-24647 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-02-22 | N/A | 7.5 HIGH |
Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter. | |||||
CVE-2022-45962 | 1 Os4ed | 1 Opensis | 2023-02-22 | N/A | 6.5 MEDIUM |
Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php. | |||||
CVE-2021-24390 | 1 Alipay Project | 1 Alipay | 2023-02-22 | 6.5 MEDIUM | 7.2 HIGH |
A proid GET parameter of the WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection. | |||||
CVE-2021-41081 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2023-02-22 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search. | |||||
CVE-2021-41080 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2023-02-22 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search. | |||||
CVE-2021-44345 | 1 Wvti | 1 One Card Integrated Management System | 2023-02-22 | 5.0 MEDIUM | 7.5 HIGH |
Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is vulnerable to SQL Injection. | |||||
CVE-2022-45089 | 1 Gruparge | 1 Smartpower Web | 2023-02-22 | N/A | 8.8 HIGH |
Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. | |||||
CVE-2023-0784 | 1 Best Online News Portal Project | 1 Best Online News Portal | 2023-02-22 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. Affected is an unknown function of the component Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220644. | |||||
CVE-2023-24084 | 1 Chikoi Project | 1 Chikoi | 2023-02-21 | N/A | 9.8 CRITICAL |
ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function. | |||||
CVE-2022-45090 | 1 Gruparge | 1 Smartpower Web | 2023-02-21 | N/A | 8.8 HIGH |
Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. | |||||
CVE-2022-41731 | 2 Ibm, Redhat | 2 Watson Knowledge Catalog On Cloud Pak For Data, Openshift | 2023-02-21 | N/A | 9.8 CRITICAL |
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 237402. | |||||
CVE-2023-0098 | 1 Getlasso | 1 Simple Urls | 2023-02-21 | N/A | 8.8 HIGH |
The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber. | |||||
CVE-2023-23948 | 1 Owncloud | 1 Owncloud | 2023-02-21 | N/A | 5.5 MEDIUM |
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0. | |||||
CVE-2023-23163 | 1 Art Gallery Management System Project | 1 Art Gallery Management System | 2023-02-21 | N/A | 9.8 CRITICAL |
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter. | |||||
CVE-2023-23162 | 1 Art Gallery Management System Project | 1 Art Gallery Management System | 2023-02-21 | N/A | 9.8 CRITICAL |
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php. | |||||
CVE-2023-0781 | 1 Canteen Management System Project | 1 Canteen Management System | 2023-02-21 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file removeOrder.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220624. |