Total: 9311 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-4056 | 2 Coturn Project, Debian | 2 Coturn, Debian Linux | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability. | |||||
CVE-2022-27385 | 1 Mariadb | 1 Mariadb | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | |||||
CVE-2022-1361 | 1 Cambiumnetworks | 1 Cnmaestro | 2022-06-06 | 5.0 MEDIUM | 7.5 HIGH |
The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other users’ accounts and devices. | |||||
CVE-2022-1358 | 1 Cambiumnetworks | 1 Cnmaestro | 2022-06-06 | 5.0 MEDIUM | 7.5 HIGH |
The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database. | |||||
CVE-2017-4972 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Uaa Bosh, Cloud Foundry Uaa | 2022-06-03 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. An attacker can use a blind SQL injection attack to query the contents of the UAA database. | |||||
CVE-2022-28862 | 1 Archibus | 1 Web Central | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. This is fixed in all recent versions, such as version 26.2. | |||||
CVE-2022-1883 | 1 Camptocamp | 1 Terraboard | 2022-06-03 | 6.5 MEDIUM | 8.8 HIGH |
SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0. | |||||
CVE-2021-38694 | 1 Softvibe | 1 Saraban | 2022-06-03 | 5.0 MEDIUM | 7.5 HIGH |
SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. | |||||
CVE-2022-30493 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-06-03 | 10.0 HIGH | 9.8 CRITICAL |
In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL injection vulnerability allowing remote attackers to dump all database credentials and gain admin access (privilege escalation). | |||||
CVE-2021-21465 | 1 Sap | 1 Business Warehouse | 2022-06-03 | 6.5 MEDIUM | 9.9 CRITICAL |
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system. | |||||
CVE-2022-29650 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. | |||||
CVE-2022-30516 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks. | |||||
CVE-2022-30500 | 1 Jflyfox | 1 Jfinal Cms | 2022-06-02 | 7.5 HIGH | 9.8 CRITICAL |
Jfinal cms 5.1.0 is vulnerable to SQL Injection. | |||||
CVE-2022-1838 | 1 Home Clean Services Management System Project | 1 Home Clean Services Management System | 2022-06-02 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(5)))JPeh)/**/AND/**/'frfq%'='frfq leads to SQL injection. It is possible to initiate the attack remotely but it requires authentication. Exploit details have been disclosed to the public. | |||||
CVE-2022-1839 | 1 Home Clean Services Management System Project | 1 Home Clean Services Management System | 2022-06-02 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(2)))JPeh)/**/AND/**/'frfq%'='frfq leads to SQL injection. The attack can be initiated remotely but it requires authentication. Exploit details have been disclosed to the public. | |||||
CVE-2021-37413 | 1 Grandcom | 1 Dynweb | 2022-06-01 | 7.5 HIGH | 9.8 CRITICAL |
GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login script does not verify and sanitize user-provided strings. | |||||
CVE-2021-42655 | 1 Sscms | 1 Siteserver Cms | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. | |||||
CVE-2022-29721 | 1 74cms | 1 74cmsse | 2022-05-31 | 5.0 MEDIUM | 7.5 HIGH |
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. | |||||
CVE-2021-40317 | 1 Piwigo | 1 Piwigo | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter. | |||||
CVE-2020-6126 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The course_period_id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. |