Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-04-29 CVE-2022-29904 SQL Injection vulnerability in Mediawiki
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.
network
low complexity
mediawiki CWE-89
critical
9.8
2022-04-28 CVE-2022-28060 SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php.
network
low complexity
victor-cms-project CWE-89
7.5
2022-04-26 CVE-2022-28524 SQL Injection vulnerability in Ed01-Cms Project Ed01-Cms 20180505
ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php.
network
low complexity
ed01-cms-project CWE-89
critical
9.8
2022-04-26 CVE-2022-27299 SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php.
network
low complexity
hospital-management-system-project CWE-89
critical
9.8
2022-04-26 CVE-2022-27984 SQL Injection vulnerability in Cuppacms 1.0
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.
network
low complexity
cuppacms CWE-89
critical
9.8
2022-04-26 CVE-2022-27985 SQL Injection vulnerability in Cuppacms 1.0
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.
network
low complexity
cuppacms CWE-89
critical
9.8
2022-04-25 CVE-2022-0693 SQL Injection vulnerability in Devbunch Master Elements
The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection.
network
low complexity
devbunch CWE-89
critical
9.8
2022-04-25 CVE-2022-29603 SQL Injection vulnerability in Universis Universis-Api
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints.
network
low complexity
universis CWE-89
8.1
2022-04-22 CVE-2022-27341 SQL Injection vulnerability in Jfinalcms Project Jfinalcms 2.0
JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function.
network
low complexity
jfinalcms-project CWE-89
critical
9.8
2022-04-22 CVE-2022-27342 SQL Injection vulnerability in Link-Admin Project Link-Admin 0.0.1
Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult().
network
low complexity
link-admin-project CWE-89
critical
9.8