Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48588 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | N/A | 8.8 HIGH |
|
A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
|
|||||
| CVE-2022-48587 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | N/A | 8.8 HIGH |
|
A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
|
|||||
| CVE-2022-48586 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | N/A | 8.8 HIGH |
|
A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
|
|||||
| CVE-2022-48585 | 1 Sciencelogic | 1 Sl1 | 2024-11-21 | N/A | 8.8 HIGH |
|
A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
|
|||||
| CVE-2022-48149 | 1 Online Student Admission System Project | 1 Online Student Admission System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Student Admission System in PHP Free Source Code 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
|
|||||
| CVE-2022-47984 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 6.3 MEDIUM |
|
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163.
|
|||||
| CVE-2022-47614 | 1 Inspireui | 1 Mstore Api | 2024-11-21 | N/A | 7.5 HIGH |
|
Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plugin <= 3.9.7 versions.
|
|||||
| CVE-2022-47605 | 1 Kunalnagar | 1 Custom 404 Pro | 2024-11-21 | N/A | 8.3 HIGH |
|
Auth. SQL Injection') vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.7.0 versions.
|
|||||
| CVE-2022-47593 | 1 Rapidload | 1 Rapidload Power-up For Autoptimize | 2024-11-21 | N/A | 8.5 HIGH |
|
Auth. (subscriber+) SQL Injection (SQLi) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize plugin <= 1.6.35 versions.
|
|||||
| CVE-2022-47588 | 1 Tipsandtricks-hq | 1 Simple Photo Gallery | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection.This issue affects Simple Photo Gallery: from n/a through v1.8.1.
|
|||||
| CVE-2022-47586 | 1 Themefic | 1 Ultimate Addons For Contact Form 7 | 2024-11-21 | N/A | 8.2 HIGH |
|
Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.1.23 versions.
|
|||||
| CVE-2022-47532 | 1 Filerun | 1 Filerun | 2024-11-21 | N/A | 9.8 CRITICAL |
|
FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users§ion=cpanel&page=list request.
|
|||||
| CVE-2022-47445 | 1 Web-x | 1 Be-popia-compliant | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection.This issue affects Be POPIA Compliant: from n/a through 1.2.0.
|
|||||
| CVE-2022-47432 | 1 Kemalyazici | 1 Shortcode Imdb | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection.This issue affects Shortcode IMDB: from n/a through 6.0.8.
|
|||||
| CVE-2022-47430 | 1 Weblizar | 1 School Management - Education \& Learning Management | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection.This issue affects The School Management – Education & Learning Management: from n/a through 4.1.
|
|||||
| CVE-2022-47428 | 1 Wpdevart | 1 Booking Calendar | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7.
|
|||||
| CVE-2022-47426 | 1 Neshan | 1 Neshan Maps | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Neshan Maps Platform Neshan Maps neshan-maps allows SQL Injection.This issue affects Neshan Maps: from n/a through 1.1.4.
|
|||||
| CVE-2022-47420 | 1 Adaplugin | 1 Accessibility Suite By Online Ada | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.12.
|
|||||
| CVE-2022-46966 | 1 Revenue Collection System Project | 1 Revenue Collection System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php.
|
|||||
| CVE-2022-46860 | 1 Kaizencoders | 1 Short Url | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaizenCoders Short URL allows SQL Injection.This issue affects Short URL: from n/a through 1.6.4.
|
|||||
| CVE-2022-46859 | 1 Spiffyplugins | 1 Spiffy Calendar | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1.
|
|||||
| CVE-2022-46849 | 1 Weblizar | 1 Responsive Coming Soon \& Maintenance Mode | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page – Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9.
|
|||||
| CVE-2022-46818 | 1 Gopiplus | 1 Email Posts To Subscribers | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection.This issue affects Email posts to subscribers: from n/a through 6.2.
|
|||||
| CVE-2022-46808 | 1 Reputeinfosystems | 1 Armember | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection.This issue affects ARMember: from n/a through 3.4.11.
|
|||||
| CVE-2022-46501 | 1 Accruent | 1 Maintenance Connection | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function.
|
|||||
| CVE-2022-46163 | 1 Opensuse | 1 Travel Support Program | 2024-11-21 | N/A | 7.5 HIGH |
|
Travel support program is a rails app to support the travel support program of openSUSE (TSP). Sensitive user data (bank account details, password Hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The travel-support-program uses the Ransack library to implement search functionality. In its default configuration, Ransack will allow for query conditions based on properties of associated database objects [1]. The `* ...
Show More |
|||||
| CVE-2022-45822 | 1 Elbtide | 1 Advanced Booking Calendar | 2024-11-21 | N/A | 10.0 CRITICAL |
|
Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress.
|
|||||
| CVE-2022-45820 | 1 Thimpress | 1 Learnpress | 2024-11-21 | N/A | 9.1 CRITICAL |
|
SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
|
|||||
| CVE-2022-45808 | 1 Thimpress | 1 Learnpress | 2024-11-21 | N/A | 9.9 CRITICAL |
|
SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
|
|||||
| CVE-2022-45805 | 1 Paytm | 1 Payment Gateway | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection.This issue affects Paytm Payment Gateway: from n/a through 2.7.3.
|
|||||
| CVE-2022-45373 | 1 Wp-slimstat | 1 Slimstat Analytics | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4.
|
|||||
| CVE-2022-45355 | 1 Thimpress | 1 Wp Pipes | 2024-11-21 | N/A | 8.2 HIGH |
|
Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipes plugin <= 1.33 versions.
|
|||||
| CVE-2022-45090 | 1 Gruparge | 1 Smartpower Web | 2024-11-21 | N/A | 8.8 HIGH |
|
Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01.
|
|||||
| CVE-2022-45089 | 1 Gruparge | 1 Smartpower Web | 2024-11-21 | N/A | 8.8 HIGH |
|
Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01.
|
|||||
| CVE-2022-44588 | 1 Blocksera | 1 Cryptocurrency Widgets Pack | 2024-11-21 | N/A | 9.9 CRITICAL |
|
Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress.
|
|||||
| CVE-2022-44580 | 1 Richplugins | 1 Plugin For Google Reviews | 2024-11-21 | N/A | 9.1 CRITICAL |
|
SQL Injection (SQLi) vulnerability in RichPlugins Plugin for Google Reviews plugin <= 2.2.3 versions.
|
|||||
| CVE-2022-44117 | 1 Boa | 1 Boa | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: the is disputed by multiple third parties because Boa does not ship with any support for SQL.
|
|||||
| CVE-2022-43860 | 1 Ibm | 1 I | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305.
|
|||||
| CVE-2022-43859 | 1 Ibm | 1 I | 2024-11-21 | N/A | 6.3 MEDIUM |
|
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 239304.
|
|||||
| CVE-2022-43506 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
|
SQL Injection in
HandlerTag_KID.ashx
in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
|
|||||