Vulnerabilities (CVE)

Filtered by CWE-89
Total 7495 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29535 1 Zohocorp 1 Manageengine Opmanager 2022-05-17 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports.
CVE-2022-0814 1 Ubigeo De Peru Para Woocommerce Project 1 Ubigeo De Peru Para Woocommerce 2022-05-17 7.5 HIGH 9.8 CRITICAL
The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections
CVE-2022-1013 1 Ays-pro 1 Personal Dictionary 2022-05-17 7.5 HIGH 9.8 CRITICAL
The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability.
CVE-2022-0948 1 Pluginbazaar 1 Order Listener For Woocommerce 2022-05-17 7.5 HIGH 9.8 CRITICAL
The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection
CVE-2022-24844 2 Gin-vue-admin Project, Postgresql 2 Gin-vue-admin, Postgresql 2022-05-16 6.5 MEDIUM 8.8 HIGH
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occur. Users must: Require JWT login? and be using PostgreSQL to be affected. This issue has been resolved in version 2.5.1. There are no known workarounds.
CVE-2022-29410 1 Hermit Project 1 Hermit 2022-05-16 6.5 MEDIUM 8.8 HIGH
Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids).
CVE-2022-29411 1 Hermit Project 1 Hermit 2022-05-16 7.5 HIGH 9.8 CRITICAL
SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id).
CVE-2021-41080 1 Zohocorp 1 Manageengine Network Configuration Manager 2022-05-16 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a hardware details search.
CVE-2021-41081 1 Zohocorp 1 Manageengine Network Configuration Manager 2022-05-16 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a configuration search.
CVE-2021-24390 1 Alipay Project 1 Alipay 2022-05-16 6.5 MEDIUM 7.2 HIGH
A proid GET parameter of the WordPress支付�Alipay|财付通Tenpay|��PayPal集��件 WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection.
CVE-2021-29350 1 Shipment 100-design Material Download System Project 1 Shipment 100-design Material Download System 2022-05-16 6.5 MEDIUM 7.2 HIGH
SQL injection in the getip function in conn/function.php in ??100-???????? 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php.
CVE-2022-0592 1 Mapsvg 1 Mapsvg 2022-05-16 7.5 HIGH 9.8 CRITICAL
The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users.
CVE-2022-0783 1 Themehigh 1 Multiple Shipping Addresses For Woocommerce 2022-05-16 7.5 HIGH 9.8 CRITICAL
The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections
CVE-2022-0867 2022-05-16 N/A N/A
The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users
CVE-2022-1182 2022-05-16 N/A N/A
The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injections
CVE-2022-0826 1 Wp-video-gallery-free Project 1 Wp-video-gallery-free 2022-05-16 7.5 HIGH 9.8 CRITICAL
The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
CVE-2022-0836 1 Semadatacoop 1 Sema Api 2022-05-16 7.5 HIGH 9.8 CRITICAL
The SEMA API WordPress plugin through 3.64 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users
CVE-2022-0817 1 Badgeos 1 Badgeos 2022-05-16 7.5 HIGH 9.8 CRITICAL
The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
CVE-2022-28163 1 Broadcom 1 Sannav 2022-05-13 7.5 HIGH 9.8 CRITICAL
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.
CVE-2020-19217 1 Piwigo 1 Piwigo 2022-05-13 6.5 MEDIUM 8.8 HIGH
SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager.