Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28961 | 1 Spip | 1 Spip | 2022-05-25 | 6.5 MEDIUM | 8.8 HIGH |
| Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters. | |||||
| CVE-2022-24391 | 1 Fidelissecurity | 2 Deception, Network | 2022-05-25 | 6.5 MEDIUM | 8.8 HIGH |
| Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | |||||
| CVE-2020-3937 | 1 Sysjust | 1 Syuan-gu-da-shin | 2022-05-25 | 5.0 MEDIUM | 7.5 HIGH |
| SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database. | |||||
| CVE-2022-30054 | 1 Covid 19 Travel Pass Management Project | 1 Covid 19 Travel Pass Management | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks. | |||||
| CVE-2022-30052 | 1 Home Clean Service System Project | 1 Home Clean Service System | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks. | |||||
| CVE-2022-30053 | 1 Toll Tax Management System Project | 1 Toll Tax Management System | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| In Toll Tax Management System 1.0, the id parameter appears to be vulnerable to SQL injection attacks. | |||||
| CVE-2022-1182 | 1 Visual Slide Box Builder Project | 1 Visual Slide Box Builder | 2022-05-25 | 6.5 MEDIUM | 8.8 HIGH |
| The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injections | |||||
| CVE-2022-1731 | 1 Allgeier | 1 Metasonic Doc Webclient | 2022-05-24 | 6.8 MEDIUM | 9.8 CRITICAL |
| Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist. | |||||
| CVE-2022-0867 | 1 Reputeinfosystems | 1 Pricing Table | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users | |||||
| CVE-2022-30011 | 1 Hospital Managment System Project | 1 Hospital Managment System | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability. | |||||
| CVE-2022-30765 | 1 Calibre-web Project | 1 Calibre-web | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| Calibre-Web before 0.6.18 allows user table SQL Injection. | |||||
| CVE-2022-28930 | 1 Erp-pro Project | 1 Erp-pro | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml.. | |||||
| CVE-2022-30012 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection. | |||||
| CVE-2022-24831 | 1 Openclinica | 1 Openclinica | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). Versions prior to 3.16.1 are vulnerable to SQL injection due to the use of string concatenation to create SQL queries instead of prepared statements. No known workarounds exist. This issue has been patched in 3.16.1, 3.15.9, 3.14.1, and 3.13.1 and users are advised to upgrade. | |||||
| CVE-2022-29383 | 1 Netgear | 2 Ssl312, Ssl312 Firmware | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi. | |||||
| CVE-2021-41965 | 1 Churchcrm | 1 Churchcrm | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed. | |||||
| CVE-2022-28929 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php. | |||||
| CVE-2022-30413 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=delete_application. | |||||
| CVE-2022-30412 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/individuals/update_status.php?id=. | |||||
| CVE-2022-30411 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=individuals/view_individual&id=. | |||||