Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-05-15 | CVE-2022-28929 | SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php. | network | low | hospital-management-system-project | CWE-89 | critical 9.8 |
| 2022-05-15 | CVE-2021-41965 | SQL Injection vulnerability in Churchcrm | A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed. | network | low | churchcrm | CWE-89 | 8.8 |
| 2022-05-14 | CVE-2022-24831 | SQL Injection vulnerability in Openclinica 3.14 | OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). | network | low | openclinica | CWE-89 | critical 9.8 |
| 2022-05-13 | CVE-2022-30384 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory. | network | low | merchandise-online-store-project | CWE-89 | critical 9.8 |
| 2022-05-13 | CVE-2022-30385 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order. | network | low | merchandise-online-store-project | CWE-89 | critical 9.8 |
| 2022-05-13 | CVE-2022-30386 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured. | network | low | merchandise-online-store-project | CWE-89 | critical 9.8 |
| 2022-05-13 | CVE-2022-30387 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order. | network | low | merchandise-online-store-project | CWE-89 | critical 9.8 |
| 2022-05-13 | CVE-2022-30391 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category. | network | low | merchandise-online-store-project | CWE-89 | critical 9.8 |
| 2022-05-13 | CVE-2022-30392 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category. | network | low | merchandise-online-store-project | CWE-89 | critical 9.8 |
| 2022-05-13 | CVE-2022-30393 | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=. | network | low | merchandise-online-store-project | CWE-89 | 7.2 |