Vulnerabilities (CVE)

Filtered by CWE-89
Total 15409 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24265 1 Cuppacms 1 Cuppacms 2024-11-21 7.8 HIGH 7.5 HIGH
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter.
CVE-2022-24264 1 Cuppacms 1 Cuppacms 2024-11-21 7.8 HIGH 7.5 HIGH
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter.
CVE-2022-24263 1 Phpgurukul 1 Hospital Management System 2024-11-21 7.5 HIGH 9.8 CRITICAL
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.
CVE-2022-24260 1 Voipmonitor 1 Voipmonitor 2024-11-21 10.0 HIGH 9.8 CRITICAL
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.
CVE-2022-24240 1 Aceware 1 Aceweb Online Portal 2024-11-21 7.5 HIGH 9.8 CRITICAL
ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp.
CVE-2022-24231 1 Simple Student Information System Project 1 Simple Student Information System 2024-11-21 10.0 HIGH 9.8 CRITICAL
Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student.
CVE-2022-24226 1 Phpgurukul 1 Hospital Management System 2024-11-21 5.0 MEDIUM 7.5 HIGH
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.
CVE-2022-24223 1 Thedigitalcraft 1 Atomcms 2024-11-21 7.5 HIGH 9.8 CRITICAL
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.
CVE-2022-24222 1 Elitecms 1 Elite Cms 2024-11-21 7.5 HIGH 9.8 CRITICAL
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php.
CVE-2022-24221 1 Elitecms 1 Elite Cms 2024-11-21 7.5 HIGH 9.8 CRITICAL
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php.
CVE-2022-24220 1 Elitecms 1 Elite Cms 2024-11-21 7.5 HIGH 9.8 CRITICAL
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php.
CVE-2022-24219 1 Elitecms 1 Elite Cms 2024-11-21 7.5 HIGH 9.8 CRITICAL
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php.
CVE-2022-24206 1 Tongda2000 1 Tongda Office Anywhere 2024-11-21 7.5 HIGH 9.8 CRITICAL
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter.
CVE-2022-24124 1 Casbin 1 Casdoor 2024-11-21 5.0 MEDIUM 7.5 HIGH
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
CVE-2022-24121 2 Centos, Unifiedoffice 2 Centos, Total Connect Now 2024-11-21 5.0 MEDIUM 7.5 HIGH
SQL Injection vulnerability discovered in Unified Office Total Connect Now that would allow an attacker to extract sensitive information through a cookie parameter.
CVE-2022-23986 1 Phpuploader Project 1 Phpuploader 2024-11-21 5.0 MEDIUM 7.5 HIGH
SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated attacker to obtain the information in the database via unspecified vectors.
CVE-2022-23972 1 Asus 2 Rt-ax56u, Rt-ax56u Firmware 2024-11-21 5.8 MEDIUM 8.8 HIGH
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.
CVE-2022-23911 1 Accesspressthemes 1 Ap Custom Testimonial 2024-11-21 6.5 MEDIUM 7.2 HIGH
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection
CVE-2022-23902 1 Tongda2000 1 Tongda Office Anywhere 2024-11-21 7.5 HIGH 9.8 CRITICAL
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter.
CVE-2022-23899 1 Mingsoft 1 Mcms 2024-11-21 7.5 HIGH 9.8 CRITICAL
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java.