Critical
CVE-2022-36242
Clinic's Patient Management System v1.0 is vulnerable to SQL Injection via /pms/update_medicine.php?id=.
Tag: SQL Injection
All CVEs associated with "SQL Injection". Page 92/175 • 20887 CVEs.
Subscribe CVEs: RSS for “SQL Injection” · RSS (High+Critical only)
About “SQL Injection”
A curated feed of “SQL Injection”-related CVEs appears below. We currently track 20887 CVEs for this tag (all time). In the last 365 days, 4048 were published. Average CVSS is 7.7 (all time; 7.3 over 365d), and 76% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-20 - Improper Input Validation.
In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2022-08-16
Critical
CVE-2022-36599
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists.
Critical
CVE-2022-36272
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter.
2022-08-15
High
CVE-2022-2812
A vulnerability classified as critical was found in SourceCodester Guest Management System. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username/pa…
2022-08-12
Critical
CVE-2022-35942
Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connecto…
Medium
CVE-2022-35956
This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it. Before version 0.1.3 `update_by_case…
Medium
CVE-2022-2803
A vulnerability was found in SourceCodester Zoo Management System and classified as critical. This issue affects some unknown processing of the file /pages/animals.php. The manipulation of the argume…
High
CVE-2022-2802
A vulnerability has been found in SourceCodester Gas Agency Management System and classified as critical. This vulnerability affects unknown code of the file gasmark/login.php. The manipulation of th…
Medium
CVE-2022-2801
A vulnerability, which was classified as critical, was found in SourceCodester Automated Beer Parlour Billing System. This affects an unknown part of the component Login. The manipulation of the argu…
Medium
CVE-2022-2797
A vulnerability classified as critical was found in SourceCodester Student Information System. Affected by this vulnerability is an unknown functionality of the file /admin/students/view_student.php.…
2022-08-11
Medium
CVE-2022-2774
A vulnerability was found in SourceCodester Library Management System. It has been declared as critical. This vulnerability affects unknown code of the file librarian/student.php. The manipulation of…
Medium
CVE-2022-2772
A vulnerability was found in SourceCodester Apartment Visitor Management System and classified as critical. Affected by this issue is some unknown functionality of the file action-visitor.php. The ma…
Medium
CVE-2022-2771
A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. Affected by this vulnerability is an unknown functionality of the file /obs/bookPerPub.php…
Medium
CVE-2022-2770
A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System. Affected is an unknown function of the file /obs/book.php. The manipulation of the argu…
High
CVE-2022-2766
A vulnerability was found in SourceCodester Loan Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the…
Medium
CVE-2022-2747
A vulnerability was found in SourceCodester Simple Online Book Store and classified as critical. This issue affects some unknown processing of the file book.php. The manipulation of the argument book…
Medium
CVE-2022-2745
A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. This affects an unknown part of the file /admin/add_trainers.php of the component Add New Trainer…
2022-08-10
Critical
CVE-2022-36750
Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/update_user.php?id=.
2022-08-09
Medium
CVE-2022-2728
A vulnerability was found in SourceCodester Gym Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /mygym/admin/index.php. The manipula…
Medium
CVE-2022-2727
A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mygym/admin/login.php. The…
Medium
CVE-2022-2726
A vulnerability classified as critical has been found in SEMCMS. This affects an unknown part of the file Ant_Check.php. The manipulation of the argument DID leads to sql injection. It is possible to…
Medium
CVE-2022-2724
A vulnerability was found in SourceCodester Employee Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /process/aprocess.php.…
Medium
CVE-2022-2723
A vulnerability was found in SourceCodester Employee Management System. It has been classified as critical. Affected is an unknown function of the file /process/eprocess.php. The manipulation of the…
Medium
CVE-2022-2722
A vulnerability was found in SourceCodester Simple Student Information System and classified as critical. This issue affects some unknown processing of the file manage_course.php. The manipulation of…
Medium
CVE-2022-2715
A vulnerability has been found in SourceCodester Employee Management System and classified as critical. This vulnerability affects unknown code of the file eloginwel.php. The manipulation of the argu…
2022-08-08
Critical
CVE-2022-2460
The WPDating WordPress plugin before 7.4.0 does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities exploitable by unauthe…
Critical
CVE-2022-2269
The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manage_options capa…
Medium
CVE-2022-2708
A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument user_login w…
Medium
CVE-2022-2707
A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/faculty_s…
Medium
CVE-2022-2706
A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/class_sched.php. The manipulati…
Medium
CVE-2022-2705
A vulnerability was found in SourceCodester Simple Student Information System. It has been rated as critical. This issue affects some unknown processing of the file admin/departments/manage_departmen…
Medium
CVE-2022-2703
A vulnerability was found in SourceCodester Gym Management System. It has been classified as critical. This affects an unknown part of the component Exercises Module. The manipulation of the argument…
Medium
CVE-2022-2700
A vulnerability classified as critical has been found in SourceCodester Gym Management System. This affects an unknown part of the component GET Parameter Handler. The manipulation of the argument da…
Medium
CVE-2022-2699
A vulnerability was found in SourceCodester Simple E-Learning System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /claire_blake. The manipulation o…
Medium
CVE-2022-2698
A vulnerability was found in SourceCodester Simple E-Learning System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search.php. The manipula…
Medium
CVE-2022-2697
A vulnerability was found in SourceCodester Simple E-Learning System. It has been classified as critical. Affected is an unknown function of the file comment_frame.php. The manipulation of the argume…
2022-08-06
Medium
CVE-2022-2693
A vulnerability has been found in SourceCodester Electronic Medical Records System and classified as critical. This vulnerability affects unknown code of the file register.php of the component UPDATE…
Medium
CVE-2022-2688
A vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component POST…
Medium
CVE-2022-2687
A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. Affected is an unknown function. The manipulation of the argument user_pass leads to sql injectio…
2022-08-05
Medium
CVE-2022-2680
A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument username…
Medium
CVE-2022-2679
A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /viewReport.php. The manipulation of…
Medium
CVE-2022-2677
A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the ar…
Medium
CVE-2022-2676
A vulnerability was found in SourceCodester Electronic Medical Records System and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. T…
Medium
CVE-2022-36839
SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information.
High
CVE-2022-2674
A vulnerability was found in SourceCodester Best Fee Management System. It has been rated as critical. Affected by this issue is the function login of the file admin_class.php. The manipulation of th…
Medium
CVE-2022-2673
A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login…
Medium
CVE-2022-2672
A vulnerability was found in SourceCodester Garage Management System. It has been classified as critical. Affected is an unknown function of the file createUser.php. The manipulation of the argument…
Medium
CVE-2022-2671
A vulnerability was found in SourceCodester Garage Management System and classified as critical. This issue affects some unknown processing of the file removeUser.php. The manipulation of the argumen…
Medium
CVE-2022-2667
A vulnerability was found in SourceCodester Loan Management System and classified as critical. This issue affects some unknown processing of the file delete_lplan.php. The manipulation of the argumen…
Medium
CVE-2022-2665
A vulnerability classified as critical was found in SourceCodester Simple E-Learning System. Affected by this vulnerability is an unknown functionality of the file classroom.php. The manipulation of…
2022-08-04
Medium
CVE-2022-2656
A vulnerability classified as critical has been found in SourceCodester Multi Language Hotel Management Software. Affected is an unknown function. The manipulation of the argument email leads to sql…
Medium
CVE-2022-2648
A vulnerability was found in SourceCodester Multi Language Hotel Management Software. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument room_…
Medium
CVE-2022-2644
A vulnerability was found in SourceCodester Online Admission System and classified as critical. This issue affects some unknown processing of the component GET Parameter Handler. The manipulation of…
Medium
CVE-2022-2643
A vulnerability has been found in SourceCodester Online Admission System and classified as critical. This vulnerability affects unknown code of the component POST Parameter Handler. The manipulation…
2022-08-03
High
CVE-2022-31197
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow…
High
CVE-2022-34928
JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user.
2022-08-02
Critical
CVE-2022-29807
A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php.
Critical
CVE-2022-35422
Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php.
High
CVE-2022-35421
Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the pname parameter at /admin/operations/packages.php.
Critical
CVE-2022-34956
Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php.
Critical
CVE-2022-34955
Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.php.
Critical
CVE-2022-34954
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at invoiceprint.php.
Critical
CVE-2022-34953
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getOrderReport.php.
Critical
CVE-2022-34952
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edituser.php.
Critical
CVE-2022-34951
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php.
Critical
CVE-2022-34950
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editproduct.php.
Critical
CVE-2022-34949
Pharmacy Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the email or password parameter at login.php.
Critical
CVE-2022-34948
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editbrand.php.
Critical
CVE-2022-34947
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editcategory.php.
Critical
CVE-2022-34946
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php.
Critical
CVE-2022-34945
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php.
2022-08-01
Critical
CVE-2022-31181
PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function…
Critical
CVE-2022-1950
The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthentica…
2022-07-29
Critical
CVE-2022-22280
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 an…
Medium
CVE-2022-2577
A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument id…
Critical
CVE-2022-1277
Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability.
2022-07-28
High
CVE-2022-34557
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/permit/permit.php.
High
CVE-2022-27613
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users…
2022-07-26
Critical
CVE-2022-36161
Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
Critical
CVE-2022-34989
Fruits Bazar v1.0 was discovered to contain a SQL injection vulnerability via the recover_email parameter at user_password_recover.php.
High
CVE-2022-34067
Warehouse Management System v1.0 was discovered to contain a SQL injection vulnerability via the cari parameter.
High
CVE-2022-31879
Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date parameter.
2022-07-25
Critical
CVE-2022-33965
Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress.
High
CVE-2022-29709
CommuniLink Internet Limited CLink Office v2.0 was discovered to contain multiple SQL injection vulnerabilities via the username and password parameters.
2022-07-22
High
CVE-2022-34114
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.
High
CVE-2022-33960
Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.
Critical
CVE-2022-30998
Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress.
Medium
CVE-2017-20143
A vulnerability, which was classified as critical, has been found in Itech Movie Portal Script 7.36. This issue affects some unknown processing of the file /film-rating.php. The manipulation of the a…
Medium
CVE-2017-20142
A vulnerability classified as critical was found in Itech Movie Portal Script 7.36. This vulnerability affects unknown code of the file /artist-display.php. The manipulation of the argument act leads…
Medium
CVE-2017-20141
A vulnerability classified as critical has been found in Itech Movie Portal Script 7.36. This affects an unknown part of the file /movie.php. The manipulation of the argument f leads to sql injection…
Medium
CVE-2017-20139
A vulnerability was found in Itech Movie Portal Script 7.36. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /show_news.php. The manipulation…
High
CVE-2022-2142
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.
2022-07-20
High
CVE-2022-34590
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php.
High
CVE-2022-34588
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/timetable_insert_form.php.
High
CVE-2022-34586
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/student_grade_wise.php.
High
CVE-2022-34042
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/household/household.php.
Medium
CVE-2022-2492
A vulnerability was found in SourceCodester Library Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of the argume…
Medium
CVE-2022-2491
A vulnerability has been found in SourceCodester Library Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file lab.php. The manipulation of the argumen…
Medium
CVE-2022-2490
A vulnerability classified as critical has been found in SourceCodester Simple E-Learning System 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument classCod…
Medium
CVE-2022-2489
A vulnerability was found in SourceCodester Simple E-Learning System 1.0. It has been rated as critical. This issue affects some unknown processing of the file classRoom.php. The manipulation of the…
2022-07-19
Critical
CVE-2022-34023
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /officials/officials.php.
Medium
CVE-2022-2468
A vulnerability was found in SourceCodester Garage Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /editbrand.php. The manipulation of the arg…
High
CVE-2022-2467
A vulnerability has been found in SourceCodester Garage Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argum…
2022-07-18
Medium
CVE-2022-26120
Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may al…
High
CVE-2022-24691
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allows authenticated users to taint database data and extract sensitive information via crafted HTTP req…
High
CVE-2022-24690
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A PresAbs.php SQL Injection vulnerability allows unauthenticated users to taint database data and extract sensitive information via cr…
High
CVE-2022-24688
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload (and consequently Remote Code Execution) via PDF upload with PHP content and a .php…
Critical
CVE-2022-27434
UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page.
2022-07-16
Medium
CVE-2017-20138
A vulnerability was found in Itech Auction Script 6.49. It has been classified as critical. This affects an unknown part of the file /mcategory.php. The manipulation of the argument mcid with the inp…
Medium
CVE-2017-20137
A vulnerability was found in Itech B2B Script 4.28. It has been rated as critical. This issue affects some unknown processing of the file /catcompany.php. The manipulation of the argument token with…
Medium
CVE-2017-20136
A vulnerability classified as critical has been found in Itech Classifieds Script 7.27. Affected is an unknown function of the file /subpage.php. The manipulation of the argument scat with the input…
Medium
CVE-2017-20135
A vulnerability classified as critical was found in Itech Dating Script 3.26. Affected by this vulnerability is an unknown functionality of the file /see_more_details.php. The manipulation of the arg…
Medium
CVE-2017-20134
A vulnerability, which was classified as critical, has been found in Itech Freelancer Script 5.13. Affected by this issue is some unknown functionality of the file /category.php. The manipulation of…
Medium
CVE-2017-20132
A vulnerability was found in Itech Multi Vendor Script 6.49 and classified as critical. This issue affects some unknown processing of the file /multi-vendor-shopping-script/product-list.php. The mani…
Medium
CVE-2017-20131
A vulnerability was found in Itech News Portal 6.28. It has been classified as critical. Affected is an unknown function of the file /news-portal-script/information.php. The manipulation of the argum…
Medium
CVE-2017-20130
A vulnerability was found in Itech Real Estate Script 3.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /real-estate-script/search_propert…
2022-07-14
High
CVE-2022-32416
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product.
High
CVE-2022-32415
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_product&id=.
High
CVE-2022-32297
Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function.
Critical
CVE-2022-30113
Electronic mall system 1.0_build20200203 is affected vulnerable to SQL Injection.