Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32297 | 1 Piwigo | 1 Piwigo | 2022-07-25 | 5.1 MEDIUM | 7.5 HIGH |
| Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function. | |||||
| CVE-2022-34114 | 1 Dataease Project | 1 Dataease | 2022-07-25 | N/A | 8.8 HIGH |
| Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId. | |||||
| CVE-2022-27434 | 1 Unit4 | 1 Teta | 2022-07-25 | N/A | 9.8 CRITICAL |
| UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page. | |||||
| CVE-2022-26120 | 1 Fortinet | 1 Fortiadc | 2022-07-25 | N/A | 8.8 HIGH |
| Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2022-1768 | 1 Rsvpmaker Project | 1 Rsvpmaker | 2022-07-25 | 5.0 MEDIUM | 7.5 HIGH |
| The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. Please note that this is separate from CVE-2022-1453 & CVE-2022-1505. | |||||
| CVE-2022-34023 | 1 Barangay Management System Project | 1 Barangay Management System | 2022-07-24 | N/A | 9.8 CRITICAL |
| Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /officials/officials.php. | |||||
| CVE-2021-21931 | 1 Advantech | 1 R-seenet | 2022-07-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at‘ stat_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21918 | 1 Advantech | 1 R-seenet | 2022-07-23 | 4.0 MEDIUM | 4.9 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack. | |||||
| CVE-2021-21928 | 1 Advantech | 1 R-seenet | 2022-07-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘mac_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21930 | 1 Advantech | 1 R-seenet | 2022-07-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘sn_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21933 | 1 Advantech | 1 R-seenet | 2022-07-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘esn_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21932 | 1 Advantech | 1 R-seenet | 2022-07-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘name_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21934 | 1 Advantech | 1 R-seenet | 2022-07-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘imei_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21935 | 1 Advantech | 1 R-seenet | 2022-07-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21929 | 1 Advantech | 1 R-seenet | 2022-07-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘prod_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21921 | 1 Advantech | 1 R-seenet | 2022-07-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter with the administrative account or through cross-site request forgery. | |||||
| CVE-2021-21922 | 1 Advantech | 1 R-seenet | 2022-07-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘username_filter’ parameter with the administrative account or through cross-site request forgery. | |||||
| CVE-2021-21919 | 1 Advantech | 1 R-seenet | 2022-07-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack. | |||||
| CVE-2021-21923 | 1 Advantech | 1 R-seenet | 2022-07-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘company_filter’ parameter with the administrative account or through cross-site request forgery. | |||||
| CVE-2021-21920 | 1 Advantech | 1 R-seenet | 2022-07-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘surname_filter’ parameter with the administrative account or through cross-site request forgery. | |||||