Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0366 | 1 Capsule8 | 1 Capsule8 | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1.
|
|||||
| CVE-2022-0362 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.
|
|||||
| CVE-2022-0349 | 1 Wpdeveloper | 1 Notificationx | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection
|
|||||
| CVE-2022-0332 | 1 Moodle | 1 Moodle | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.
|
|||||
| CVE-2022-0267 | 1 Adrotate Project | 1 Adrotate | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection
|
|||||
| CVE-2022-0258 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
|
|||||
| CVE-2022-0255 | 1 Deliciousbrains | 1 Database Backup | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue
|
|||||
| CVE-2022-0254 | 1 Highfivery | 1 Zero-spam | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection
|
|||||
| CVE-2022-0228 | 1 Sygnoos | 1 Popup Builder | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection
|
|||||
| CVE-2022-0224 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
|
|||||
| CVE-2022-0190 | 1 Acnam | 1 Ad Invalid Click Protector | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action.
|
|||||
| CVE-2022-0169 | 1 10web | 1 Photo Gallery | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection
|
|||||
| CVE-2022-0153 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.
|
|||||
| CVE-2021-4340 | 1 Stylemixthemes | 1 Ulisting | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
|
|||||
| CVE-2021-4336 | 1 Itrsgroup | 1 Ninja | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file modules/reports/models/scheduled_reports.php. The manipulation leads to sql injection. Upgrading to version 2021.11.30 is able to address this issue. The name of the patch is 6da9080faec9bca1ca5342386c0421dca0a6c0cc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230084.
|
|||||
| CVE-2021-4328 | 1 Lionfish Cms Project | 1 Lionfish Cms | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability has been found in 狮子鱼CMS and classified as critical. Affected by this vulnerability is the function goods_detail of the file ApiController.class.php. The manipulation of the argument goods_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is ...
Show More |
|||||
| CVE-2021-4313 | 1 Nethserver-phonenehome Project | 1 Nethserver-phonenehome | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability was found in NethServer phonenehome. It has been rated as critical. This issue affects the function get_info/get_country_coor of the file server/index.php. The manipulation leads to sql injection. The identifier of the patch is 759c30b0ddd7d493836bbdf695cf71624b377391. It is recommended to apply a patch to fix this issue. The identifier VDB-218393 was assigned to this vulnerability.
|
|||||
| CVE-2021-4308 | 1 Lboro | 1 Webpa | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability was found in WebPA up to 3.1.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version 3.1.2 is able to address this issue. The identifier of the patch is 8836c4f549181e885a68e0e7ca561fdbcbd04bf0. It is recommended to upgrade the affected component. The identifier VDB-217637 was assigned to this vulnerability.
|
|||||
| CVE-2021-4301 | 1 Phpwcms | 1 Phpwcms | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to address this issue. The patch is identified as 77dafb6a8cc1015f0777daeb5792f43beef77a9d. It is recommended to upgrade the affected component. VDB-217418 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2021-4298 | 1 Nd | 1 Sipity | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability classified as critical has been found in Hesburgh Libraries of Notre Dame Sipity. This affects the function SearchCriteriaForWorksParameter of the file app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb. The manipulation leads to sql injection. Upgrading to version 2021.8 is able to address this issue. The patch is named d1704c7363b899ffce65be03a796a0ee5fdbfbdc. It is recommended to upgrade the affected component. The associated identifier of this vulnerabili ...
Show More |
|||||
| CVE-2021-4290 | 1 Fallstudie Project | 1 Fallstudie | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A vulnerability was found in DHBW Fallstudie. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file app/config/passport.js of the component Login. The manipulation of the argument id/email leads to sql injection. The name of the patch is 5c13c6a972ef4c07c5f35b417916e0598af9e123. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216907.
|
|||||
| CVE-2021-4276 | 1 Dns-stats | 1 Hedgehog | 2024-11-21 | N/A | 4.1 MEDIUM |
|
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in dns-stats hedgehog. It has been rated as problematic. Affected by this issue is the function DSCIOManager::dsc_import_input_from_source of the file src/DSCIOManager.cpp. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 58922c345d3d1fe89bb2020111873a3 ...
Show More |
|||||
| CVE-2021-4262 | 1 Laravel Jqgrid Project | 1 Laravel Jqgrid | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is fbc2d94f43d0dc772767a5bdb2681133036f935e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216271.
|
|||||
| CVE-2021-4261 | 1 Pacman-canvas Project | 1 Pacman-canvas | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability classified as critical has been found in pacman-canvas up to 1.0.5. Affected is the function addHighscore of the file data/db-handler.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is 29522c90ca1cebfce6453a5af5a45281d99b0646. It is recommended to upgrade the affected component. VDB-216270 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2021-4208 | 1 Exportfeed | 1 Exportfeed | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and escape the product_id POST parameter before using it in a SQL statement, leading to a SQL injection vulnerability exploitable by high privilege users
|
|||||
| CVE-2021-4134 | 1 Radykal | 1 Fancy Product Designer | 2024-11-21 | 4.0 MEDIUM | 7.2 HIGH |
|
The Fancy Product Designer WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the ID parameter found in the ~/inc/api/class-view.php file which allows attackers with administrative level permissions to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 4.7.4.
|
|||||
| CVE-2021-4088 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 6.5 MEDIUM | 8.4 HIGH |
|
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation.
|
|||||
| CVE-2021-46459 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname,user_lastname, or user_email parameters.
|
|||||
| CVE-2021-46458 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the post_title parameter.
|
|||||
| CVE-2021-46451 | 1 Online Project Time Management System Project | 1 Online Project Time Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An SQL Injection vulnerabilty exists in Sourcecodester Online Project Time Management System 1.0 via the pid parameter in the load_file function.
|
|||||
| CVE-2021-46448 | 1 Hhg-multistore | 1 Multistore | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/customers.php?page=1&cID.
|
|||||
| CVE-2021-46446 | 1 Hhg-multistore | 1 Multistore | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID.
|
|||||
| CVE-2021-46445 | 1 Hhg-multistore | 1 Multistore | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/categories.php?box_group_id.
|
|||||
| CVE-2021-46444 | 1 Hhg-multistore | 1 Multistore | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID.
|
|||||
| CVE-2021-46436 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.8 MEDIUM | 7.2 HIGH |
|
An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php.
|
|||||
| CVE-2021-46427 | 1 Simple Chatbot Application Project | 1 Simple Chatbot Application | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php.
|
|||||
| CVE-2021-46385 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database.
|
|||||
| CVE-2021-46383 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database.
|
|||||
| CVE-2021-46377 | 1 Cskaza | 1 Cszcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser
|
|||||
| CVE-2021-46309 | 1 Oretnom23 | 1 Employee And Visitor Gate Pass Logging System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter.
|
|||||