Vulnerabilities (CVE)

Filtered by CWE-89
Total 14524 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-26171 1 Bank Management System Project 1 Bank Management System 2024-11-21 7.5 HIGH 9.8 CRITICAL
Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter.
CVE-2022-26170 1 Simple Mobile Comparison Website Project 1 Simple Mobile Comparison Website 2024-11-21 7.5 HIGH 9.8 CRITICAL
Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter.
CVE-2022-26169 1 Air Cargo Management System Project 1 Air Cargo Management System 2024-11-21 7.5 HIGH 9.8 CRITICAL
Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter.
CVE-2022-26120 1 Fortinet 1 Fortiadc 2024-11-21 N/A 5.4 MEDIUM
Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
CVE-2022-26116 1 Fortinet 1 Fortinac 2024-11-21 6.5 MEDIUM 7.2 HIGH
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.
CVE-2022-26069 1 Deltaww 1 Diaenergie 2024-11-21 10.0 HIGH 9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-26065 1 Deltaww 1 Diaenergie 2024-11-21 10.0 HIGH 9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-26059 1 Deltaww 1 Diaenergie 2024-11-21 10.0 HIGH 9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-26013 1 Deltaww 1 Diaenergie 2024-11-21 10.0 HIGH 9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-25980 1 Deltaww 1 Diaenergie 2024-11-21 10.0 HIGH 9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-25880 1 Deltaww 1 Diaenergie 2024-11-21 10.0 HIGH 9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-25811 1 Transposh 1 Transposh Wordpress Translation 2024-11-21 N/A 7.2 HIGH
The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection
CVE-2022-25607 1 Foliovision 1 Fv Flowplayer Video Player 2024-11-21 6.5 MEDIUM 6.6 MEDIUM
Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727).
CVE-2022-25517 1 Baomidou 1 Mybatis-plus 2024-11-21 7.5 HIGH 9.8 CRITICAL
MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java. NOTE: the vendor's position is that the reported execution of a SQL statement was intended behavior.
CVE-2022-25506 1 Freetakserver-ui Project 1 Freetakserver-ui 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser.
CVE-2022-25505 1 Taogogo 1 Taocms 2024-11-21 7.5 HIGH 9.8 CRITICAL
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.
CVE-2022-25494 1 Online Banking System Project 1 Online Banking System 2024-11-21 7.5 HIGH 9.8 CRITICAL
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php.
CVE-2022-25492 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 7.5 HIGH 9.8 CRITICAL
HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.
CVE-2022-25491 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 7.5 HIGH 7.5 HIGH
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php.
CVE-2022-25490 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 7.5 HIGH 9.8 CRITICAL
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php.