Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-89
Total 15270 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25607 1 Foliovision 1 Fv Flowplayer Video Player 2024-11-21 6.5 MEDIUM 6.6 MEDIUM
Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727).
CVE-2022-25517 1 Baomidou 1 Mybatis-plus 2024-11-21 7.5 HIGH 9.8 CRITICAL
MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java. NOTE: the vendor's position is that the reported execution of a SQL statement was intended behavior.
CVE-2022-25506 1 Freetakserver-ui Project 1 Freetakserver-ui 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser.
CVE-2022-25505 1 Taogogo 1 Taocms 2024-11-21 7.5 HIGH 9.8 CRITICAL
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.
CVE-2022-25494 1 Online Banking System Project 1 Online Banking System 2024-11-21 7.5 HIGH 9.8 CRITICAL
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php.
CVE-2022-25492 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 7.5 HIGH 9.8 CRITICAL
HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.
CVE-2022-25491 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 7.5 HIGH 7.5 HIGH
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php.
CVE-2022-25490 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 7.5 HIGH 9.8 CRITICAL
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php.
CVE-2022-25488 1 Thedigitalcraft 1 Atomcms 2024-11-21 7.5 HIGH 9.8 CRITICAL
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php.
CVE-2022-25406 1 Tongda2000 1 Tongda2000 2024-11-21 7.5 HIGH 9.8 CRITICAL
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter.
CVE-2022-25405 1 Tongda2000 1 Tongda2000 2024-11-21 7.5 HIGH 9.8 CRITICAL
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the DELETE_STR parameter.
CVE-2022-25404 1 Tongda2000 1 Tongda2000 2024-11-21 7.5 HIGH 9.8 CRITICAL
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter.
CVE-2022-25403 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 7.5 HIGH 9.8 CRITICAL
HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php.
CVE-2022-25399 1 Simple Real Estate Portal System Project 1 Simple Real Estate Portal System 2024-11-21 7.5 HIGH 9.8 CRITICAL
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.
CVE-2022-25398 1 Auto Spare Parts Management Project 1 Auto Spare Parts Management 2024-11-21 7.5 HIGH 9.8 CRITICAL
Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.
CVE-2022-25396 1 Cosmetics And Beauty Product Online Store Project 1 Cosmetics And Beauty Product Online Store 2024-11-21 7.5 HIGH 9.8 CRITICAL
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter.
CVE-2022-25394 1 Medical Store Management System Project 1 Medical Store Management System 2024-11-21 10.0 HIGH 9.8 CRITICAL
Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php.
CVE-2022-25393 1 Simple Bakery Shop Management Project 1 Simple Bakery Shop Management 2024-11-21 5.0 MEDIUM 7.5 HIGH
Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
CVE-2022-25322 1 Zerof 1 Web Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
ZEROF Web Server 2.0 allows /HandleEvent SQL Injection.
CVE-2022-25228 1 Auieo 1 Candidats 2024-11-21 N/A 6.5 MEDIUM
CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via the 'companyID' parameter