Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2022-30777: H-Sphere

Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter.

CVE
#sql#xss#web#windows#microsoft#linux#java#php#postgres#ssl
HighCMS/HighPortal 12.x SQL Injection

HighCMS/HighPortal version 12.x appears to suffer from a remote SQL injection vulnerability.

CVE-2022-30012: GitHub - kabirkhyrul/hms at 1.0

In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection.

CVE-2022-28930: SQL injection vulnerability exists in ERP-Pro system · Issue #I515R4 · Skyeye云系列/erp-pro - Gitee.com

ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml..

CVE-2022-28930: SQL injection vulnerability exists in ERP-Pro system · Issue #I515R4 · Skyeye云系列/erp-pro - Gitee.com

ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml..

CVE-2022-28929: vulnerabilitys/HMS at main · cyberhomeless/vulnerabilitys

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.

CVE-2022-28929: vulnerabilitys/HMS at main · cyberhomeless/vulnerabilitys

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.

CVE-2021-41965: SQL Injection Vulnerability in ChurchCRM (CVE-2021-41965)

A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed.