Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-09-15 CVE-2022-38594 SQL Injection vulnerability in Church Management System Project Church Management System 1.0
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php.
network
low complexity
church-management-system-project CWE-89
7.2
7.2
2022-09-15 CVE-2022-38595 SQL Injection vulnerability in Church Management System Project Church Management System 1.0
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php.
network
low complexity
church-management-system-project CWE-89
7.2
7.2
2022-09-14 CVE-2022-35946 SQL Injection vulnerability in Glpi-Project Glpi
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing.
network
low complexity
glpi-project CWE-89
6.5
6.5
2022-09-14 CVE-2022-36669 SQL Injection vulnerability in Hospital Information System Project Hospital Information System 1.0
Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
network
low complexity
hospital-information-system-project CWE-89
critical
 9.8
9.8
2022-09-14 CVE-2022-37138 SQL Injection vulnerability in Razormist Loan Management System 1.0
Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form.
network
low complexity
razormist CWE-89
critical
 9.8
9.8
2022-09-13 CVE-2022-38771 SQL Injection vulnerability in Transtek Mojodat Fixed Asset Management 2.4.6
The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request.
network
low complexity
transtek CWE-89
critical
 9.8
9.8
2022-09-13 CVE-2022-38637 SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0
Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page.
network
low complexity
hospital-management-system-project CWE-89
critical
 9.8
9.8
2022-09-13 CVE-2022-39817 SQL Injection vulnerability in Nokia 1350 Optical Management System 14.2
In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs.
network
low complexity
nokia CWE-89
8.8
8.8
2022-09-13 CVE-2022-38537 SQL Injection vulnerability in Archerydms Archery
Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface.
network
low complexity
archerydms CWE-89
critical
 9.8
9.8
2022-09-13 CVE-2022-38538 SQL Injection vulnerability in Archerydms Archery
Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module.
network
low complexity
archerydms CWE-89
critical
 9.8
9.8