Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.
CWE-89
CVE-2022-27434
UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page.
CVE-2022-2745
A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. This affects an unknown part of the file /admin/add_trainers.php of the component Add New Trainer. The manipulation of the argument trainer_name leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-206013 was assigned to this vulnerability.
CVE-2022-27466
MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.
CVE-2022-2747
A vulnerability was found in SourceCodester Simple Online Book Store and classified as critical. This issue affects some unknown processing of the file book.php. The manipulation of the argument book_isbn leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-206015.
CVE-2022-27472
SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the “s” parameter remotely.