Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-09-12 CVE-2022-38610 SQL Injection vulnerability in Garage Management System Project Garage Management System 1.0
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php.
network
low complexity
garage-management-system-project CWE-89
7.2
7.2
2022-09-12 CVE-2022-36255 SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".
network
low complexity
inventorymanagementsystem-project CWE-89
7.5
7.5
2022-09-12 CVE-2022-36256 SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode".
network
low complexity
inventorymanagementsystem-project CWE-89
7.5
7.5
2022-09-12 CVE-2022-36257 SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc.
network
low complexity
inventorymanagementsystem-project CWE-89
7.5
7.5
2022-09-12 CVE-2022-36258 SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".
network
low complexity
inventorymanagementsystem-project CWE-89
7.5
7.5
2022-09-12 CVE-2022-36259 SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0
A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password", etc.
network
low complexity
inventorymanagementsystem-project CWE-89
7.5
7.5
2022-09-12 CVE-2022-37794 SQL Injection vulnerability in Library Management System Project Library Management System 1.0
In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection.
network
low complexity
library-management-system-project CWE-89
critical
 9.8
9.8
2022-09-09 CVE-2021-44835 SQL Injection vulnerability in Aivhub Active Intelligence Visualization 5.0
An issue was discovered in Active Intelligent Visualization 5.
network
low complexity
aivhub CWE-89
critical
 9.8
9.8
2022-09-09 CVE-2022-38615 SQL Injection vulnerability in Bpcbt Smartvista Front-End 2.2.22
SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf.
network
low complexity
bpcbt CWE-89
8.8
8.8
2022-09-09 CVE-2022-38272 SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list.
network
low complexity
jflyfox CWE-89
7.2
7.2