Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38731 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 9.8 CRITICAL |
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php. | |||||
CVE-2021-38732 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 9.8 CRITICAL |
SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php. | |||||
CVE-2021-38730 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 9.8 CRITICAL |
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php. | |||||
CVE-2021-38729 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 9.8 CRITICAL |
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php. | |||||
CVE-2021-38217 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 9.8 CRITICAL |
SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php. | |||||
CVE-2022-41133 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 8.8 HIGH |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | |||||
CVE-2022-40967 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 8.8 HIGH |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | |||||
CVE-2021-38736 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 9.8 CRITICAL |
SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php. | |||||
CVE-2021-38734 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 9.8 CRITICAL |
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php. | |||||
CVE-2021-38737 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 9.8 CRITICAL |
SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php. | |||||
CVE-2021-37782 | 1 Employee Record Management System Project | 1 Employee Record Management System | 2022-10-28 | N/A | 9.8 CRITICAL |
Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php. | |||||
CVE-2022-41773 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 8.8 HIGH |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | |||||
CVE-2021-35387 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-10-28 | N/A | 8.8 HIGH |
Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. | |||||
CVE-2022-43276 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-10-28 | N/A | 7.2 HIGH |
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the productId parameter at /php_action/fetchSelectedfood.php. | |||||
CVE-2022-3714 | 1 Online Medicine Ordering System Project | 1 Online Medicine Ordering System | 2022-10-28 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical has been found in SourceCodester Online Medicine Ordering System 1.0. Affected is an unknown function of the file admin/?page=orders/view_order. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-212346 is the identifier assigned to this vulnerability. | |||||
CVE-2022-37202 | 1 Jflyfox | 1 Jfinal Cms | 2022-10-28 | N/A | 8.8 HIGH |
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list | |||||
CVE-2022-43775 | 1 Deltaww | 1 Diaenergie | 2022-10-27 | N/A | 9.8 CRITICAL |
The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | |||||
CVE-2022-43774 | 1 Deltaww | 1 Diaenergie | 2022-10-27 | N/A | 9.8 CRITICAL |
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | |||||
CVE-2022-3671 | 1 Elearning System Project | 1 Elearning System | 2022-10-27 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212014 is the identifier assigned to this vulnerability. | |||||
CVE-2020-28702 | 1 Pybbs Project | 1 Pybbs | 2022-10-27 | 5.0 MEDIUM | 7.5 HIGH |
A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information. |