Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30352 | 1 Phpabook Project | 1 Phpabook | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script. | |||||
| CVE-2022-29659 | 1 Responsive Online Blog Project | 1 Responsive Online Blog | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php. | |||||
| CVE-2021-26633 | 2 Linux, Maxb | 2 Linux Kernel, Maxboard | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. This vulnerabilities can be exploited by manipulating a variable with a desired value and inserting and arbitrary file. | |||||
| CVE-2019-12351 | 1 Zzcms | 1 Zzcms | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma. | |||||
| CVE-2019-12350 | 1 Zzcms | 1 Zzcms | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma. | |||||
| CVE-2019-12349 | 1 Zzcms | 1 Zzcms | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter. | |||||
| CVE-2021-44095 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-06-08 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database. | |||||
| CVE-2021-44096 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2022-06-08 | 7.5 HIGH | 9.8 CRITICAL |
| EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise Application SQL database. | |||||
| CVE-2021-44097 | 1 Contact-form-with-messages-entry-management Project | 1 Contact-form-with-messages-entry-management | 2022-06-08 | 7.5 HIGH | 9.8 CRITICAL |
| EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL Injection via Addmessage.php. This allows a remote attacker to compromise Application SQL database. | |||||
| CVE-2021-44098 | 1 Egavilanmedia | 1 Expense Management System | 2022-06-08 | 7.5 HIGH | 9.8 CRITICAL |
| EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database. | |||||
| CVE-2022-24848 | 1 Dhis2 | 1 Dhis 2 | 2022-06-08 | 6.5 MEDIUM | 8.8 HIGH |
| DHIS2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability affects the `/api/programs/orgUnits?programs=` API endpoint in DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. The vulnerability is not exposed to a non-malicious user and requires a conscious attack to be exploited. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance's database. Security patches are now available for DHIS2 versions 2.36.10.1 and 2.37.6.1. One may apply mitigations at the web proxy level as a workaround. More information about these mitigations is available in the GitHub Security Advisory. | |||||
| CVE-2013-10003 | 1 Telecomsoftware | 2 Samwin Agent, Samwin Contact Center | 2022-06-08 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1. This affects the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the database handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2022-1556 | 1 Era404 | 1 Stafflist | 2022-06-08 | 7.5 HIGH | 9.8 CRITICAL |
| The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection | |||||
| CVE-2022-22495 | 1 Ibm | 1 I | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 226941. | |||||
| CVE-2021-35487 | 1 Nokia | 1 Broadcast Message Center | 2022-06-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data. | |||||
| CVE-2020-13499 | 1 Aveva | 1 Edna Enterprise Data Historian | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstancePath in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks. | |||||
| CVE-2020-13526 | 1 Processmaker | 1 Processmaker | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTables_Ajax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter.An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | |||||
| CVE-2020-13525 | 1 Processmaker | 1 Processmaker | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-13501 | 1 Aveva | 1 Edna Enterprise Data Historian | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstanceName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks. | |||||
| CVE-2020-13500 | 1 Aveva | 1 Edna Enterprise Data Historian | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter ClassName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks. | |||||