Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2006-5738

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 Nov, 2006 | 18:00
Updated At-03 Apr, 2025 | 15:23
Rejected At-
Credits

Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 Nov, 2006 | 18:00
Updated At:03 Apr, 2025 | 15:23
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://forums.punbb.org/viewtopic.php?id=13496
x_refsource_CONFIRM
http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt
x_refsource_CONFIRM
Hyperlink: http://forums.punbb.org/viewtopic.php?id=13496
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://forums.punbb.org/viewtopic.php?id=13496
x_refsource_CONFIRM
x_transferred
http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt
x_refsource_CONFIRM
x_transferred
Hyperlink: http://forums.punbb.org/viewtopic.php?id=13496
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt
Resource:
x_refsource_CONFIRM
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type: CWE
CWE ID: CWE-89
Description: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
VersionBase scoreBase severityVector
3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:06 Nov, 2006 | 18:07
Updated At:03 Apr, 2025 | 16:15

Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary2.02.1LOW
AV:N/AC:H/Au:S/C:N/I:P/A:N
Type: Secondary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:N/AC:H/Au:S/C:N/I:P/A:N
CPE Matches

punbb
punbb
>>punbb>>Versions up to 1.2.13(inclusive)
cpe:2.3:a:punbb:punbb:*:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.0
cpe:2.3:a:punbb:punbb:1.0:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.0.1
cpe:2.3:a:punbb:punbb:1.0.1:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.0_alpha
cpe:2.3:a:punbb:punbb:1.0_alpha:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.0_beta1
cpe:2.3:a:punbb:punbb:1.0_beta1:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.0_beta1a
cpe:2.3:a:punbb:punbb:1.0_beta1a:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.0_beta2
cpe:2.3:a:punbb:punbb:1.0_beta2:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.0_beta3
cpe:2.3:a:punbb:punbb:1.0_beta3:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.0_rc1
cpe:2.3:a:punbb:punbb:1.0_rc1:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.0_rc2
cpe:2.3:a:punbb:punbb:1.0_rc2:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.1
cpe:2.3:a:punbb:punbb:1.1:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.1.1
cpe:2.3:a:punbb:punbb:1.1.1:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.1.2
cpe:2.3:a:punbb:punbb:1.1.2:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.1.3
cpe:2.3:a:punbb:punbb:1.1.3:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.1.4
cpe:2.3:a:punbb:punbb:1.1.4:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.1.5
cpe:2.3:a:punbb:punbb:1.1.5:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.2
cpe:2.3:a:punbb:punbb:1.2:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.2.1
cpe:2.3:a:punbb:punbb:1.2.1:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.2.2
cpe:2.3:a:punbb:punbb:1.2.2:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.2.3
cpe:2.3:a:punbb:punbb:1.2.3:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.2.4
cpe:2.3:a:punbb:punbb:1.2.4:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.2.5
cpe:2.3:a:punbb:punbb:1.2.5:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.2.6
cpe:2.3:a:punbb:punbb:1.2.6:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.2.7
cpe:2.3:a:punbb:punbb:1.2.7:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.2.8
cpe:2.3:a:punbb:punbb:1.2.8:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.2.9
cpe:2.3:a:punbb:punbb:1.2.9:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.2.10
cpe:2.3:a:punbb:punbb:1.2.10:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.2.11
cpe:2.3:a:punbb:punbb:1.2.11:*:*:*:*:*:*:*
punbb
punbb
>>punbb>>1.2.12
cpe:2.3:a:punbb:punbb:1.2.12:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE-89Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-89
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Successful exploitation requires that the attacker is an authenticated Administrator.

Vendor Statements

References
HyperlinkSourceResource
http://forums.punbb.org/viewtopic.php?id=13496cve@mitre.org
Patch
http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txtcve@mitre.org
N/A
http://forums.punbb.org/viewtopic.php?id=13496af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txtaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://forums.punbb.org/viewtopic.php?id=13496
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://forums.punbb.org/viewtopic.php?id=13496
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1022Records found

CVE-2025-3767
Matching Score-4
Assigner-bd4443e6-1eef-43f3-9886-25fc9ceeaae7
ShareView Details
Matching Score-4
Assigner-bd4443e6-1eef-43f3-9886-25fc9ceeaae7
CVSS Score-7.2||HIGH
EPSS-0.70% / 71.12%
||
7 Day CHG+0.62%
Published-22 Apr, 2025 | 15:16
Updated-23 Apr, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection in Centreon BAM boolean KPI listing

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection. This page is only accessible to authenticated users with high privileges. This issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10.

Action-Not Available
Vendor-CENTREON
Product-Centreon BAM
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-33733
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-2.15% / 83.58%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 09:49
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsSINEC NMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-33730
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-2.15% / 83.58%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 09:49
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsSINEC NMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-34042
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.05%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 16:06
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/household/household.php.

Action-Not Available
Vendor-barangay_management_system_projectn/a
Product-barangay_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-3229
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.05% / 13.36%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 08:31
Updated-16 May, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Restaurant Table Booking System edit-subadmin.php sql injection

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /edit-subadmin.php. The manipulation of the argument fullname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-PHPGurukul LLP
Product-restaurant_table_booking_systemRestaurant Table Booking System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-32474
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.64% / 69.59%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlemoodle
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-34590
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-4.17% / 88.24%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 20:50
Updated-03 Aug, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php.

Action-Not Available
Vendor-hospital_management_system_projectn/a
Product-hospital_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-31980
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-7.67% / 91.52%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 18:11
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=.

Action-Not Available
Vendor-online_fire_reporting_system_projectn/a
Product-online_fire_reporting_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-31996
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 14:52
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=sales/manage_sale&id=.

Action-Not Available
Vendor-badminton_center_management_system_projectn/a
Product-badminton_center_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-33060
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-29 Jun, 2022 | 17:18
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule.

Action-Not Available
Vendor-online_railway_reservation_system_projectn/a
Product-online_railway_reservation_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-33055
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 13:21
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/trains/manage_train.php.

Action-Not Available
Vendor-online_railway_reservation_system_projectn/a
Product-online_railway_reservation_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-33042
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-29 Jun, 2022 | 16:52
Updated-03 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/inquiries/view_details.php.

Action-Not Available
Vendor-online_railway_reservation_system_projectn/a
Product-online_railway_reservation_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-33061
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-29 Jun, 2022 | 17:18
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service.

Action-Not Available
Vendor-online_railway_reservation_system_projectn/a
Product-online_railway_reservation_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-33114
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.24% / 47.35%
||
7 Day CHG~0.00%
Published-23 Jun, 2022 | 12:45
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list.

Action-Not Available
Vendor-jflyfoxn/a
Product-jfinal_cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-33056
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 13:21
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/schedules/manage_schedule.php.

Action-Not Available
Vendor-online_railway_reservation_system_projectn/a
Product-online_railway_reservation_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-33049
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 13:15
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/?page=user/manage_user.

Action-Not Available
Vendor-online_railway_reservation_system_projectn/a
Product-online_railway_reservation_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-33057
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-29 Jun, 2022 | 17:05
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation.

Action-Not Available
Vendor-online_railway_reservation_system_projectn/a
Product-online_railway_reservation_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-33059
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-29 Jun, 2022 | 17:05
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_train.

Action-Not Available
Vendor-online_railway_reservation_system_projectn/a
Product-online_railway_reservation_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-33048
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 13:15
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/reservations/view_details.php.

Action-Not Available
Vendor-online_railway_reservation_system_projectn/a
Product-online_railway_reservation_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-3302
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.2||HIGH
EPSS-0.24% / 47.23%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 00:00
Updated-09 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Anti-Spam by CleanTalk < 5.185.1 - Admin+ SQLi

The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin

Action-Not Available
Vendor-cleantalkUnknown
Product-spam_protection\,_antispam\,_firewallSpam protection, AntiSpam, FireWall by CleanTalk
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32992
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 16:22
Updated-03 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the tname parameter at /admin/operations/tax.php.

Action-Not Available
Vendor-online_tours_and_travels_management_system_projectn/a
Product-online_tours_and_travels_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32007
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-12.51% / 93.67%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 15:36
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.php?view=edit&id=.

Action-Not Available
Vendor-complete_online_job_search_system_projectn/a
Product-complete_online_job_search_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32349
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 15:37
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_history.

Action-Not Available
Vendor-hospital\'s_patient_records_management_system_projectn/a
Product-hospital\'s_patient_records_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32377
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 18:42
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam_timetable.php?id=.

Action-Not Available
Vendor-advanced_school_management_system_projectn/a
Product-advanced_school_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32028
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-8.72% / 92.12%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 15:41
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=.

Action-Not Available
Vendor-car_rental_management_system_projectn/a
Product-car_rental_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32365
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 17:22
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/manage_field.php?id=.

Action-Not Available
Vendor-product_show_room_site_projectn/a
Product-product_show_room_siten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32351
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 15:31
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_message.

Action-Not Available
Vendor-hospital\'s_patient_records_management_system_projectn/a
Product-hospital\'s_patient_records_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32017
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 15:23
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle.

Action-Not Available
Vendor-complete_online_job_search_system_projectn/a
Product-complete_online_job_search_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-3249
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.2||HIGH
EPSS-1.62% / 81.06%
||
7 Day CHG~0.00%
Published-05 Dec, 2022 | 16:50
Updated-23 Apr, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP CSV Exporter < 1.3.7 - Admin+ SQLi

The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks

Action-Not Available
Vendor-wp_csv_exporter_projectUnknown
Product-wp_csv_exporterWP CSV Exporter
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-31975
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-13.34% / 93.91%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 18:19
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=.

Action-Not Available
Vendor-online_fire_reporting_system_projectn/a
Product-online_fire_reporting_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32015
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-12.51% / 93.67%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 15:26
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=.

Action-Not Available
Vendor-complete_online_job_search_system_projectn/a
Product-complete_online_job_search_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-29391
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 16.86%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 00:00
Updated-22 Apr, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

horvey Library-Manager v1.0 is vulnerable to SQL Injection in Admin/Controller/BookController.class.php.

Action-Not Available
Vendor-horveyn/a
Product-library-managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-4147
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.41% / 60.70%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 18:55
Updated-16 Sep, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_file_gatewaySterling File Gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32330
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 15:14
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_menu.

Action-Not Available
Vendor-fast_food_ordering_system_projectn/a
Product-fast_food_ordering_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32332
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 15:17
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_category.

Action-Not Available
Vendor-fast_food_ordering_system_projectn/a
Product-fast_food_ordering_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32380
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 18:38
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_student_subject.php?index=.

Action-Not Available
Vendor-advanced_school_management_system_projectn/a
Product-advanced_school_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32375
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 18:44
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_timetable.php?id=.

Action-Not Available
Vendor-advanced_school_management_system_projectn/a
Product-advanced_school_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-29180
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 16.81%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 00:00
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FOXCMS <=1.25, the installdb.php file has a time - based blind SQL injection vulnerability. The url_prefix, domain, and my_website POST parameters are directly concatenated into SQL statements without filtering.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32018
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-12.51% / 93.67%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 15:22
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=.

Action-Not Available
Vendor-complete_online_job_search_system_projectn/a
Product-complete_online_job_search_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32374
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 19:45
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject_routing.php?id=.

Action-Not Available
Vendor-advanced_school_management_system_projectn/a
Product-advanced_school_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32347
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 15:44
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room.

Action-Not Available
Vendor-hospital\'s_patient_records_management_system_projectn/a
Product-hospital\'s_patient_records_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32021
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 15:59
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_movement.php?id=.

Action-Not Available
Vendor-car_rental_management_system_projectn/a
Product-car_rental_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32367
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 17:20
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=inquiries/view_inquiry&id=.

Action-Not Available
Vendor-product_show_room_site_projectn/a
Product-product_show_room_siten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-24140
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-2.82% / 85.61%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 00:00
Updated-29 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'

Action-Not Available
Vendor-n/aremyandrade
Product-daily_habit_trackern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-31970
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 17:59
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/manage_response&id=.

Action-Not Available
Vendor-chatbot_app_with_suggestion_projectn/a
Product-chatbot_app_with_suggestionn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32331
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 15:15
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/view_category.php?id=.

Action-Not Available
Vendor-fast_food_ordering_system_projectn/a
Product-fast_food_ordering_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32368
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 19:47
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_grade.php?id=.

Action-Not Available
Vendor-advanced_school_management_system_projectn/a
Product-advanced_school_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32359
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 20:18
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category.

Action-Not Available
Vendor-product_show_room_site_projectn/a
Product-product_show_room_siten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-29350
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.52% / 65.83%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 15:12
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection in the getip function in conn/function.php in 发货100-设计素材下载系统 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php.

Action-Not Available
Vendor-shipment_100-design_material_download_system_projectn/a
Product-shipment_100-design_material_download_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32003
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/view_court.php?id=.

Action-Not Available
Vendor-badminton_center_management_system_projectn/a
Product-badminton_center_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 20
  • 21
  • Next
Details not found