A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.
Max CVSS: 9.8 | EPSS Score: 0.62% | Published: 2022-12-27 | Updated: 2023-04-26
A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code.
Max CVSS: 8.8 | EPSS Score: 0.21% | Published: 2022-12-27 | Updated: 2023-04-26
mesinkasir Bangresto 1.0 is vulnerable to SQL Injection via the itemqty%5B%5D parameter.
Max CVSS: 8.8 | EPSS Score: 5.01% | Published: 2022-12-14 | Updated: 2023-02-13
dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query.
Max CVSS: 9.8 | EPSS Score: 0.16% | Published: 2022-12-27 | Updated: 2023-01-06
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product.
Max CVSS: 7.2 | EPSS Score: 0.07% | Published: 2022-12-14 | Updated: 2022-12-16
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/brands/manage_brand.php?id=.
Max CVSS: 7.2 | EPSS Score: 0.07% | Published: 2022-12-14 | Updated: 2022-12-16
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=client/manage_client&id=.
Max CVSS: 7.2 | EPSS Score: 0.07% | Published: 2022-12-14 | Updated: 2022-12-16
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=user/manage_user&id=.
Max CVSS: 7.2 | EPSS Score: 0.07% | Published: 2022-12-14 | Updated: 2022-12-16
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/manage_category.php?id=.
Max CVSS: 7.2 | EPSS Score: 0.07% | Published: 2022-12-14 | Updated: 2022-12-16
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/view_category.php?id=.
Max CVSS: 7.2 | EPSS Score: 0.07% | Published: 2022-12-14 | Updated: 2022-12-16
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/manage_product&id=.
Max CVSS: 7.2 | EPSS Score: 0.07% | Published: 2022-12-14 | Updated: 2022-12-16
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/view_product&id=.
Max CVSS: 7.2 | EPSS Score: 0.07% | Published: 2022-12-14 | Updated: 2022-12-16
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=categories&c=.
Max CVSS: 7.2 | EPSS Score: 0.07% | Published: 2022-12-14 | Updated: 2022-12-16
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=product_per_brand&bid=.
Max CVSS: 7.2 | EPSS Score: 0.07% | Published: 2022-12-14 | Updated: 2022-12-16
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=view_product&id=.
Max CVSS: 7.2 | EPSS Score: 0.07% | Published: 2022-12-14 | Updated: 2022-12-16
Helmet Store Showroom v1.0 is vulnerable to unauthenticated SQL Injection.
Max CVSS: 9.8 | EPSS Score: 0.17% | Published: 2022-12-14 | Updated: 2023-01-30
There is a SQL Injection vulnerability in the Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access.
Max CVSS: 9.8 | EPSS Score: 1.30% | Published: 2022-12-14 | Updated: 2023-01-30
The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.
Max CVSS: 7.2 | EPSS Score: 0.07% | Published: 2022-12-13 | Updated: 2022-12-15
AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter.
Max CVSS: 4.9 | EPSS Score: 0.07% | Published: 2022-12-13 | Updated: 2022-12-15
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used.
Max CVSS: 7.5 | EPSS Score: 0.06% | Published: 2022-11-27 | Updated: 2022-11-30
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used.
Max CVSS: 7.5 | EPSS Score: 0.05% | Published: 2022-11-27 | Updated: 2022-11-30
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface.
Max CVSS: 7.5 | EPSS Score: 0.06% | Published: 2022-11-27 | Updated: 2022-11-30
Planet eStream before 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search (the StatisticsResults.aspx flt parameter).
Max CVSS: 7.2 | EPSS Score: 0.21% | Published: 2022-12-25 | Updated: 2023-01-04
Unauthenticated SQL Injection (SQLi) vulnerability in the Advanced Booking Calendar plugin <= 1.7.1 on WordPress.
Max CVSS: 10.0 | EPSS Score: 0.12% | Published: 2022-12-05 | Updated: 2022-12-06
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information.
Max CVSS: 4.9 | EPSS Score: 0.08% | Published: 2022-11-22 | Updated: 2022-11-23
1790 vulnerabilities found