Vulnerabilities (CVE)

Filtered by CWE-89
Total 14524 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-42074 1 Online Diagnostic Lab Management System Project 1 Online Diagnostic Lab Management System 2024-11-21 N/A 7.2 HIGH
Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=.
CVE-2022-42073 1 Online Diagnostic Lab Management System Project 1 Online Diagnostic Lab Management System 2024-11-21 N/A 7.2 HIGH
Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=.
CVE-2022-42064 1 Online Diagnostic Lab Management System Project 1 Online Diagnostic Lab Management System 2024-11-21 N/A 9.8 CRITICAL
Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell.
CVE-2022-42021 1 Best Student Result Management System Project 1 Best Student Result Management System 2024-11-21 N/A 9.8 CRITICAL
Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=.
CVE-2022-41892 1 Archesproject 1 Arches 2024-11-21 N/A 8.6 HIGH
Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds.
CVE-2022-41775 1 Deltaww 1 Diaenergie 2024-11-21 N/A 8.8 HIGH
SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
CVE-2022-41773 1 Deltaww 1 Diaenergie 2024-11-21 N/A 8.8 HIGH
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
CVE-2022-41731 2 Ibm, Redhat 2 Watson Knowledge Catalog On Cloud Pak For Data, Openshift 2024-11-21 N/A 8.6 HIGH
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 237402.
CVE-2022-41680 1 Formalms 1 Formalms 2024-11-21 N/A 7.6 HIGH
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'search[value] parameter in the appLms/ajax.server.php?r=mycertificate/getMyCertificates' function in order to dump the entire database.
CVE-2022-41671 1 Schneider-electric 2 Ecostruxure Operator Terminal Expert, Pro-face Blue 2024-11-21 N/A 7.0 HIGH
A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).
CVE-2022-41570 1 Eyesofnetwork 1 Eyesofnetwork 2024-11-21 N/A 9.8 CRITICAL
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur.
CVE-2022-41551 1 Garage Management System Project 1 Garage Management System 2024-11-21 N/A 7.2 HIGH
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php.
CVE-2022-41536 1 Open Source Sacco Management System Project 1 Open Source Sacco Management System 2024-11-21 N/A 7.2 HIGH
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php.
CVE-2022-41535 1 Open Source Sacco Management System Project 1 Open Source Sacco Management System 2024-11-21 N/A 7.2 HIGH
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php.
CVE-2022-41532 1 Open Source Sacco Management System Project 1 Open Source Sacco Management System 2024-11-21 N/A 7.2 HIGH
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_plan.
CVE-2022-41530 1 Open Source Sacco Management System Project 1 Open Source Sacco Management System 2024-11-21 N/A 7.2 HIGH
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower.
CVE-2022-41515 1 Open Source Sacco Management System Project 1 Open Source Sacco Management System 2024-11-21 N/A 7.2 HIGH
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment.
CVE-2022-41514 1 Open Source Sacco Management System Project 1 Open Source Sacco Management System 2024-11-21 N/A 7.2 HIGH
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan.
CVE-2022-41513 1 Online Diagnostic Lab Management System Project 1 Online Diagnostic Lab Management System 2024-11-21 N/A 7.2 HIGH
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /diagnostic/edittest.php.
CVE-2022-41498 1 Billing System Project 1 Billing System 2024-11-21 N/A 7.2 HIGH
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php.