Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-08-19 CVE-2022-36605 SQL Injection vulnerability in Yimihome Ywoa 6.1
Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter.
network
low complexity
yimihome CWE-89
critical
 9.8
9.8
2022-08-19 CVE-2022-36606 SQL Injection vulnerability in Yimihome Ywoa
Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database.
network
low complexity
yimihome CWE-89
critical
 9.8
9.8
2022-08-18 CVE-2022-25228 SQL Injection vulnerability in Auieo Candidats 3.0.0
CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via the 'companyID' parameter
network
low complexity
auieo CWE-89
6.5
6.5
2022-08-18 CVE-2022-36722 SQL Injection vulnerability in Library Management System Project Library Management System 1.0
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the title parameter at /librarian/history.php.
network
low complexity
library-management-system-project CWE-89
critical
 9.8
9.8
2022-08-18 CVE-2022-36725 SQL Injection vulnerability in Library Management System Project Library Management System 1.0
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /student/dele.php.
network
low complexity
library-management-system-project CWE-89
critical
 9.8
9.8
2022-08-18 CVE-2022-36727 SQL Injection vulnerability in Library Management System Project Library Management System 1.0
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /staff/delete.php.
network
low complexity
library-management-system-project CWE-89
critical
 9.8
9.8
2022-08-18 CVE-2022-36728 SQL Injection vulnerability in Library Management System Project Library Management System 1.0
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php.
network
low complexity
library-management-system-project CWE-89
critical
 9.8
9.8
2022-08-18 CVE-2022-36729 SQL Injection vulnerability in Library Management System Project Library Management System 1.0
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /librarian/del.php.
network
low complexity
library-management-system-project CWE-89
critical
 9.8
9.8
2022-08-18 CVE-2022-35175 SQL Injection vulnerability in Barangay Management System Project Barangay Management System 1.0
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /blotter/blotter.php.
network
low complexity
barangay-management-system-project CWE-89
critical
 9.8
9.8
2022-08-18 CVE-2022-35154 SQL Injection vulnerability in Shopro Mall System 1.3.8
Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter.
network
low complexity
shopro CWE-89
critical
 9.8
9.8