CVE-2022-0836

CVE-2022-0836: SEMA API < 4.02 - Unauthenticated SQLi

Vendor Unknown

Product SEMA API

Weakness CWE-89 · SQLi

Published May 9, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users

Key dates

02Disclosure timeline

May 9, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0836

Related vulnerabilities

04Related CVE

CVE-2025-9502 Campcodes Online Loan Management System ajax.php sql injection CVE-2024-7190 itsourcecode Society Management System get_price.php sql injection CVE-2026-33917 OpenEMR has SQL Injection in CAMOS Form CVE-2024-11244 code-projects Farmacia editar-cliente.php sql injection CVE-2021-37197