Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-08-18 CVE-2022-35598 SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0
A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username.
network
low complexity
inventorymanagementsystem-project CWE-89
critical
9.8
2022-08-18 CVE-2022-35599 SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode.
network
low complexity
inventorymanagementsystem-project CWE-89
critical
9.8
2022-08-18 CVE-2022-35601 SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt.
network
low complexity
inventorymanagementsystem-project CWE-89
critical
9.8
2022-08-18 CVE-2022-35602 SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user.
network
low complexity
inventorymanagementsystem-project CWE-89
critical
9.8
2022-08-18 CVE-2022-35603 SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt.
network
low complexity
inventorymanagementsystem-project CWE-89
critical
9.8
2022-08-18 CVE-2022-35605 SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as 'users', 'pass', etc.
network
low complexity
inventorymanagementsystem-project CWE-89
critical
9.8
2022-08-18 CVE-2022-35606 SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode'.
network
low complexity
inventorymanagementsystem-project CWE-89
critical
9.8
2022-08-17 CVE-2022-35148 SQL Injection vulnerability in Maccms 10.0
maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html.
network
low complexity
maccms CWE-89
6.5
2022-08-17 CVE-2022-35121 SQL Injection vulnerability in Xxyopen Novel-Plus 3.6.1
Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java.
network
low complexity
xxyopen CWE-89
critical
9.8
2022-08-16 CVE-2021-39085 SQL Injection vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
critical
9.8