Vulnerabilities (CVE)

Filtered by CWE-89
Total 14524 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-34114 1 Dataease Project 1 Dataease 2024-11-21 N/A 8.8 HIGH
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.
CVE-2022-34042 1 Barangay Management System Project 1 Barangay Management System 2024-11-21 N/A 7.2 HIGH
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/household/household.php.
CVE-2022-34023 1 Barangay Management System Project 1 Barangay Management System 2024-11-21 N/A 9.8 CRITICAL
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /officials/officials.php.
CVE-2022-34022 1 Resiot 1 Iot Platform And Lorawan Network Server 2024-11-21 N/A 7.2 HIGH
SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive.
CVE-2022-33965 1 Plugins-market 1 Wp Visitor Statistics 2024-11-21 N/A 9.3 CRITICAL
Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress.
CVE-2022-33960 1 Supsystic 1 Social Share Buttons 2024-11-21 N/A 8.5 HIGH
Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.
CVE-2022-33880 1 Hospital Management System Mini-project Project 1 Hospital Management System Mini-project 2024-11-21 N/A 9.8 CRITICAL
hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter.
CVE-2022-33875 1 Fortinet 1 Fortiadc 2024-11-21 N/A 5.4 MEDIUM
An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticatedĀ attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
CVE-2022-33171 1 Typeorm 1 Typeorm 2024-11-21 7.5 HIGH 9.8 CRITICAL
The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation
CVE-2022-33149 1 Wwbn 1 Avideo 2024-11-21 N/A 8.8 HIGH
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the CloneSite plugin, allowing an attacker to inject SQL by manipulating the url parameter.
CVE-2022-33148 1 Wwbn 1 Avideo 2024-11-21 N/A 8.8 HIGH
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to inject SQL by manipulating the title parameter.
CVE-2022-33147 1 Wwbn 1 Avideo 2024-11-21 N/A 8.8 HIGH
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the aVideoEncoder functionality which can be used to add new videos, allowing an attacker to inject SQL by manipulating the videoDownloadedLink or duration parameter.
CVE-2022-33128 1 Ruijienetworks 2 Rg-eg350, Rg-eg350 Firmware 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php.
CVE-2022-33114 1 Jflyfox 1 Jfinal Cms 2024-11-21 6.5 MEDIUM 7.2 HIGH
Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list.
CVE-2022-33097 1 74cms 1 74cmsse 2024-11-21 5.0 MEDIUM 7.5 HIGH
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/campus/campus_job.
CVE-2022-33096 1 74cms 1 74cmsse 2024-11-21 5.0 MEDIUM 7.5 HIGH
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/resume/index.
CVE-2022-33095 1 74cms 1 74cmsse 2024-11-21 5.0 MEDIUM 7.5 HIGH
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist.
CVE-2022-33094 1 74cms 1 74cmsse 2024-11-21 5.0 MEDIUM 7.5 HIGH
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map.
CVE-2022-33093 1 74cms 1 74cmsse 2024-11-21 5.0 MEDIUM 7.5 HIGH
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the key parameter at /freelance/resume_list.
CVE-2022-33092 1 74cms 1 74cmsse 2024-11-21 5.0 MEDIUM 7.5 HIGH
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/index.