Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-89
Total 15274 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29665 1 Chshcms 1 Cscms Music Portal System 2024-11-21 6.5 MEDIUM 7.2 HIGH
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save.
CVE-2022-29664 1 Chshcms 1 Cscms Music Portal System 2024-11-21 6.5 MEDIUM 8.8 HIGH
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/pl_save.
CVE-2022-29663 1 Chshcms 1 Cscms Music Portal System 2024-11-21 6.5 MEDIUM 7.2 HIGH
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy.
CVE-2022-29662 1 Chshcms 1 Cscms Music Portal System 2024-11-21 6.5 MEDIUM 7.2 HIGH
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save.
CVE-2022-29661 1 Chshcms 1 Cscms Music Portal System 2024-11-21 6.5 MEDIUM 7.2 HIGH
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save.
CVE-2022-29660 1 Chshcms 1 Cscms Music Portal System 2024-11-21 7.5 HIGH 9.8 CRITICAL
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del.
CVE-2022-29659 1 Responsive Online Blog Project 1 Responsive Online Blog 2024-11-21 7.5 HIGH 9.8 CRITICAL
Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php.
CVE-2022-29656 1 Wedding Management System Project 1 Wedding Management System 2024-11-21 7.5 HIGH 9.8 CRITICAL
Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php.
CVE-2022-29652 1 Online Sports Complex Booking System Project 1 Online Sports Complex Booking System 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client.
CVE-2022-29650 1 Online Food Ordering System Project 1 Online Food Ordering System 2024-11-21 7.5 HIGH 9.8 CRITICAL
Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php.
CVE-2022-29603 1 Universis 1 Universis-api 2024-11-21 5.5 MEDIUM 8.1 HIGH
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint (such as /api/students/me/messages/) to, for example, retrieve personal information or change grades.
CVE-2022-29601 1 Oliverklee 1 Seminars 2024-11-21 7.5 HIGH 9.8 CRITICAL
The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 allows SQL Injection.
CVE-2022-29600 1 Oliverklee 1 Oelib 2024-11-21 7.5 HIGH 9.8 CRITICAL
The oelib (aka One is Enough Library) extension through 4.1.5 for TYPO3 allows SQL Injection.
CVE-2022-29535 1 Zohocorp 1 Manageengine Opmanager 2024-11-21 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports.
CVE-2022-29498 1 Blazer Project 1 Blazer 2024-11-21 4.3 MEDIUM 7.5 HIGH
Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run.
CVE-2022-29419 1 3xsocializer Project 1 3xsocializer 2024-11-21 6.5 MEDIUM 6.0 MEDIUM
SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher.
CVE-2022-29411 1 Hermit Project 1 Hermit 2024-11-21 7.5 HIGH 8.3 HIGH
SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id).
CVE-2022-29410 1 Hermit Project 1 Hermit 2024-11-21 6.5 MEDIUM 7.4 HIGH
Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids).
CVE-2022-29383 1 Netgear 2 Ssl312, Ssl312 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.
CVE-2022-29317 1 Simple Bus Ticket Booking System Project 1 Simple Bus Ticket Booking System 2024-11-21 7.5 HIGH 9.8 CRITICAL
Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php.