Vulnerabilities (CVE)

Filtered by CWE-89
Total 15483 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-36675 1 Simple Task Scheduling System Project 1 Simple Task Scheduling System 2024-11-21 N/A 7.2 HIGH
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php.
CVE-2022-36674 1 Simple Task Scheduling System Project 1 Simple Task Scheduling System 2024-11-21 N/A 7.2 HIGH
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php.
CVE-2022-36669 1 Hospital Information System Project 1 Hospital Information System 2024-11-21 N/A 9.8 CRITICAL
Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
CVE-2022-36636 1 Garage Management System Project 1 Garage Management System 2024-11-21 N/A 8.8 HIGH
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php.
CVE-2022-36635 1 Zkteco 1 Zkbiosecurity V5000 2024-11-21 N/A 8.8 HIGH
ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do.
CVE-2022-36609 1 Oretnom23 1 Clinic\'s Patient Management System 2024-11-21 N/A 9.8 CRITICAL
Clinic's Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php.
CVE-2022-36606 1 Yimihome 1 Ywoa 2024-11-21 N/A 9.8 CRITICAL
Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database.
CVE-2022-36605 1 Yimihome 1 Ywoa 2024-11-21 N/A 9.8 CRITICAL
Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter.
CVE-2022-36599 1 Mingsoft 1 Mcms 2024-11-21 N/A 9.8 CRITICAL
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists.
CVE-2022-36594 1 Mybatis 1 Mapper 2024-11-21 N/A 9.8 CRITICAL
Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function.
CVE-2022-36581 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 N/A 7.5 HIGH
Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php.
CVE-2022-36578 1 Jizhicms 1 Jizhicms 2024-11-21 N/A 9.8 CRITICAL
jizhicms v2.3.1 has SQL injection in the background.
CVE-2022-36545 1 Edoc-doctor-appointment-system Project 1 Edoc-doctor-appointment-system 2024-11-21 N/A 9.8 CRITICAL
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php.
CVE-2022-36544 1 Edoc-doctor-appointment-system Project 1 Edoc-doctor-appointment-system 2024-11-21 N/A 9.8 CRITICAL
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php.
CVE-2022-36543 1 Edoc-doctor-appointment-system Project 1 Edoc-doctor-appointment-system 2024-11-21 N/A 9.8 CRITICAL
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php.
CVE-2022-36529 1 Kensite Cms Project 1 Kensite Cms 2024-11-21 N/A 8.8 HIGH
Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml.
CVE-2022-36394 1 Contest-gallery 1 Contest Gallery 2024-11-21 N/A 7.6 HIGH
Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress.
CVE-2022-36276 1 Tcman 1 Gim 2024-11-21 N/A 9.9 CRITICAL
TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database.
CVE-2022-36272 1 Mingsoft 1 Mcms 2024-11-21 N/A 9.8 CRITICAL
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter.
CVE-2022-36259 1 Inventorymanagementsystem Project 1 Inventorymanagementsystem 2024-11-21 N/A 7.5 HIGH
A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password", etc.