Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1690 | 1 Datainterlock | 1 Note Press | 2022-06-15 | 4.0 MEDIUM | 2.7 LOW |
| The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection | |||||
| CVE-2022-1689 | 1 Datainterlock | 1 Note Press | 2022-06-15 | 4.0 MEDIUM | 2.7 LOW |
| The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection | |||||
| CVE-2022-1688 | 1 Datainterlock | 1 Note Press | 2022-06-15 | 4.0 MEDIUM | 2.7 LOW |
| The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections | |||||
| CVE-2022-1687 | 1 Logo Slider Project | 1 Logo Slider | 2022-06-15 | 4.0 MEDIUM | 2.7 LOW |
| The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection | |||||
| CVE-2022-1686 | 1 Five Minute Webshop Project | 1 Five Minute Webshop | 2022-06-15 | 4.0 MEDIUM | 2.7 LOW |
| The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection | |||||
| CVE-2022-2018 | 1 Prison Management System Project | 1 Prison Management System | 2022-06-15 | 7.5 HIGH | 7.2 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+ leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2017 | 1 Prison Management System Project | 1 Prison Management System | 2022-06-15 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+ leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-1685 | 1 Five Minute Webshop Project | 1 Five Minute Webshop | 2022-06-15 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection | |||||
| CVE-2022-1684 | 1 Webpsilon | 1 Cube Slider | 2022-06-15 | 4.0 MEDIUM | 2.7 LOW |
| The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin | |||||
| CVE-2022-1683 | 1 Amtythumb Project | 1 Amtythumb | 2022-06-15 | 6.5 MEDIUM | 8.8 HIGH |
| The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user (and not just Author+ like the original advisory mention) due to the fact that they can execute shortcodes via an AJAX action | |||||
| CVE-2020-15792 | 1 Siemens | 1 Desigo Insight | 2022-06-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack. | |||||
| CVE-2017-20017 | 1 Tngsitebuilding | 1 The Next Generation Of Genealogy Sitebuilding | 2022-06-14 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in The Next Generation of Genealogy Sitebuilding up to 11.1.0. This issue affects some unknown processing of the file /timeline2.php. The manipulation of the argument primaryID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.1.1 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2022-30927 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2022-06-14 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable "id" parameter. | |||||
| CVE-2020-36538 | 1 Etan | 1 Etan Cms | 2022-06-14 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in Eatan CMS. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The attack can be launched remotely. | |||||
| CVE-2022-30469 | 1 Afian | 1 Filerun | 2022-06-14 | 6.5 MEDIUM | 8.8 HIGH |
| In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman§ion=get&page=grid` leads to SQL injection. | |||||
| CVE-2022-31768 | 1 Ibm | 1 Infosphere Information Server | 2022-06-14 | 7.5 HIGH | 9.8 CRITICAL |
| IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
| CVE-2020-36537 | 1 Everywhere | 1 Everywhere Cms | 2022-06-14 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in Everywhere CMS. It has been classified as critical. Affected is an unknown function. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. | |||||
| CVE-2020-36536 | 1 Brandbugle | 1 Brandbugle | 2022-06-14 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in Brandbugle. It has been rated as critical. Affected by this issue is some unknown functionality of the file /main.php. The manipulation leads to sql injection. The attack may be launched remotely. | |||||
| CVE-2020-36535 | 1 Minmax | 1 Minmax | 2022-06-14 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical has been found in MINMAX. This affects an unknown part of the file /newsDia.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. | |||||
| CVE-2020-36530 | 1 Ibm | 1 Sevone Network Performance Management | 2022-06-14 | 6.0 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely. | |||||