Total: 17769 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1082 | 1 Microfinance Management System Project | 1 Microfinance Management System | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been rated as critical. This issue affects the file /mims/login.php of the Login Page. The manipulation of the argument username/password with the input '||1=1# leads to SQL injection. The attack may be initiated remotely. | |||||
| CVE-2022-1080 | 1 One Church Management System Project | 1 One Church Management System | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php as the manipulation of the argument search2 leads to SQL injection. The attack can be initiated remotely. | |||||
| CVE-2022-1078 | 1 College Website Management System Project | 1 College Website Management System | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admin/?page=articles/view_article/. The manipulation of the argument id with the input ' and (select * from(select(sleep(10)))Avx) and 'abc' = 'abc with an unknown input leads to SQL injection. It is possible to launch the attack remotely and without authentication. | |||||
| CVE-2022-1064 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1. | |||||
| CVE-2022-1057 | 1 Varktech | 1 Pricing Deals For Woocommerce | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection | |||||
| CVE-2022-1023 | 1 Secondlinethemes | 1 Podcast Importer Secondline | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by importing a malicious podcast file | |||||
| CVE-2022-1014 | 1 Labarta | 1 Wp Contacts Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability. | |||||
| CVE-2022-1013 | 1 Ays-pro | 1 Personal Dictionary | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability. | |||||
| CVE-2022-1006 | 1 Elbtide | 1 Advanced Booking Calendar | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks | |||||
| CVE-2022-0983 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default. | |||||
| CVE-2022-0949 | 1 Stopbadbots | 1 Block And Stop Bad Bots | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection | |||||
| CVE-2022-0948 | 1 Pluginbazaar | 1 Order Listener For Woocommerce | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection | |||||
| CVE-2022-0923 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
| CVE-2022-0887 | 1 Cybernetikz | 1 Easy Social Icons | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability. | |||||
| CVE-2022-0867 | 1 Reputeinfosystems | 1 Pricing Table | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users | |||||
| CVE-2022-0846 | 1 Speakout! Email Petitions Project | 1 Speakout! Email Petitions | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users | |||||
| CVE-2022-0842 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.0 MEDIUM | 5.4 MEDIUM |
| A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges. | |||||
| CVE-2022-0836 | 1 Semadatacoop | 1 Sema Api | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users | |||||
| CVE-2022-0827 | 1 Presspage | 1 Bestbooks | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users | |||||
| CVE-2022-0826 | 1 Wp-video-gallery-free Project | 1 Wp-video-gallery-free | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users | |||||
