CWE-89 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (18079 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-24226	1 Phpgurukul	1 Hospital Management System	2024-11-21	7.5 High
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.
CVE-2022-24223	1 Thedigitalcraft	1 Atomcms	2024-11-21	9.8 Critical
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.
CVE-2022-24222	1 Elitecms	1 Elite Cms	2024-11-21	9.8 Critical
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php.
CVE-2022-24221	1 Elitecms	1 Elite Cms	2024-11-21	9.8 Critical
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php.
CVE-2022-24220	1 Elitecms	1 Elite Cms	2024-11-21	9.8 Critical
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php.
CVE-2022-24219	1 Elitecms	1 Elite Cms	2024-11-21	9.8 Critical
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php.
CVE-2022-24206	1 Tongda2000	1 Tongda Office Anywhere	2024-11-21	9.8 Critical
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter.
CVE-2022-24124	1 Casbin	1 Casdoor	2024-11-21	7.5 High
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
CVE-2022-24121	2 Centos, Unifiedoffice	2 Centos, Total Connect Now	2024-11-21	7.5 High
SQL Injection vulnerability discovered in Unified Office Total Connect Now that would allow an attacker to extract sensitive information through a cookie parameter.
CVE-2022-23986	1 Phpuploader Project	1 Phpuploader	2024-11-21	7.5 High
SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated attacker to obtain the information in the database via unspecified vectors.
CVE-2022-23972	1 Asus	2 Rt-ax56u, Rt-ax56u Firmware	2024-11-21	8.8 High
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.
CVE-2022-23911	1 Accesspressthemes	1 Ap Custom Testimonial	2024-11-21	7.2 High
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection
CVE-2022-23902	1 Tongda2000	1 Tongda Office Anywhere	2024-11-21	9.8 Critical
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter.
CVE-2022-23899	1 Mingsoft	1 Mcms	2024-11-21	9.8 Critical
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java.
CVE-2022-23898	1 Mingsoft	1 Mcms	2024-11-21	9.8 Critical
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.
CVE-2022-23882	1 Tuzicms	1 Tuzicms	2024-11-21	9.8 Critical
TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\BannerController.class.php.
CVE-2022-23873	1 Victor Cms Project	1 Victor Cms	2024-11-21	8.8 High
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter.
CVE-2022-23865	1 Wecul	1 Nyron	2024-11-21	9.8 Critical
Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx. To exploit this vulnerability, an attacker must inject '"> on the thes1 parameter.
CVE-2022-23857	1 Navidrome	1 Navidrome	2024-11-21	6.5 Medium
model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table (which contains sensitive information such as the users' encrypted passwords).
CVE-2022-23387	1 Taocms	1 Taocms	2024-11-21	7.5 High
An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field.

« first previous Page 741 of 904. next last »