Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3470 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability was found in SourceCodester Human Resource Management System. It has been classified as critical. Affected is an unknown function of the file getstatecity.php. The manipulation of the argument sc leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210714 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-3142 | 1 Basixonline | 1 Nex-forms | 2024-11-21 | N/A | 8.8 HIGH |
|
The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart: by default administrators, although this can be configured otherwise via the plugin settings.
|
|||||
| CVE-2022-3141 | 1 Cozmoslabs | 1 Translatepress | 2024-11-21 | N/A | 8.8 HIGH |
|
The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.
|
|||||
| CVE-2022-3130 | 1 Online Driving School Project Project | 1 Online Driving School Project | 2024-11-21 | N/A | 7.3 HIGH |
|
A vulnerability classified as critical has been found in codeprojects Online Driving School. This affects an unknown part of the file /login.php. The manipulation of the argument username leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207873 was assigned to this vulnerability.
|
|||||
| CVE-2022-3122 | 1 Oretnom23 | 1 Clinic's Patient Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file medicine_details.php. The manipulation of the argument medicine leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207854 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-3120 | 1 Oretnom23 | 1 Clinic's Patient Management System | 2024-11-21 | N/A | 7.3 HIGH |
|
A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument user_name leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-207847.
|
|||||
| CVE-2022-3118 | 1 Erp System Project Project | 1 Erp System Project | 2024-11-21 | N/A | 7.3 HIGH |
|
A vulnerability was found in Sourcecodehero ERP System Project. It has been rated as critical. This issue affects some unknown processing of the file /pages/processlogin.php. The manipulation of the argument user leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207845 was assigned to this vulnerability.
|
|||||
| CVE-2022-3059 | 1 Schoolbox | 1 Schoolbox | 2024-11-21 | N/A | 8.6 HIGH |
|
The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter, and using a sleep-based inferential SQL injection, it was possible to extract data from the database.
|
|||||
| CVE-2022-3013 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to SQL injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-207423.
|
|||||
| CVE-2022-3012 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability was found in oretnom23 Fast Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file ffos/admin/reports/index.php. The manipulation of the argument date leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207422 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-39822 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-11-21 | N/A | 8.8 HIGH |
|
In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation.
|
|||||
| CVE-2022-39817 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occur. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database.
|
|||||
| CVE-2022-39323 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 7.4 HIGH |
|
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time-based attack using a SQL injection in API REST user_token. This issue has been patched; please upgrade to version 10.0.4. As a workaround, disable login with user_token on API Rest.
|
|||||
| CVE-2022-39303 | 1 Ree6 | 1 Ree6 | 2024-11-21 | N/A | 8.1 HIGH |
|
Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Java's PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds.
|
|||||
| CVE-2022-39180 | 1 College Management System Project | 1 College Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
College Management System v1.0 - SQL Injection (SQLi).
By inserting SQL commands into the username and password fields in the login.php page.
|
|||||
| CVE-2022-39056 | 1 Changingtec | 1 Rava Certificate Validation System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify and delete the database.
|
|||||
| CVE-2022-39041 | 1 Aenrich | 1 A+hrd | 2024-11-21 | N/A | 9.8 CRITICAL |
|
aEnrich a+HRD has insufficient user input validation for a specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete the database.
|
|||||
| CVE-2022-38812 | 1 Aerocms Project | 1 Aerocms | 2024-11-21 | N/A | 6.5 MEDIUM |
|
AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter.
|
|||||
| CVE-2022-38808 | 1 Yimihome | 1 Ywoa | 2024-11-21 | N/A | 8.8 HIGH |
|
ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface.
|
|||||
| CVE-2022-38771 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request.
|
|||||
| CVE-2022-38637 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page.
|
|||||
| CVE-2022-38618 | 1 Bpcbt | 1 Smartvista | 2024-11-21 | N/A | 8.8 HIGH |
|
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf.
|
|||||
| CVE-2022-38617 | 1 Bpcbt | 1 Smartvista | 2024-11-21 | N/A | 8.8 HIGH |
|
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.
|
|||||
| CVE-2022-38616 | 1 Bpcbt | 1 Smartvista Front-end | 2024-11-21 | N/A | 8.8 HIGH |
|
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf.
|
|||||
| CVE-2022-38615 | 1 Bpcbt | 1 Smartvista Front-end | 2024-11-21 | N/A | 8.8 HIGH |
|
SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf.
|
|||||
| CVE-2022-38610 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 7.2 HIGH |
|
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php.
|
|||||
| CVE-2022-38606 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 7.2 HIGH |
|
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php.
|
|||||
| CVE-2022-38605 | 1 Church Management System Project | 1 Church Management System | 2024-11-21 | N/A | 7.2 HIGH |
|
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php.
|
|||||
| CVE-2022-38595 | 1 Church Management System Project | 1 Church Management System | 2024-11-21 | N/A | 7.2 HIGH |
|
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php.
|
|||||
| CVE-2022-38594 | 1 Church Management System Project | 1 Church Management System | 2024-11-21 | N/A | 7.2 HIGH |
|
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php.
|
|||||
| CVE-2022-38542 | 1 Archerydms | 1 Archery | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. The project has released an update; please upgrade to v1.9.0 and above.
|
|||||
| CVE-2022-38541 | 1 Archerydms | 1 Archery | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface.
|
|||||
| CVE-2022-38540 | 1 Archerydms | 1 Archery | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface.
|
|||||
| CVE-2022-38539 | 1 Archerydms | 1 Archery | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply.
|
|||||
| CVE-2022-38538 | 1 Archerydms | 1 Archery | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module.
|
|||||
| CVE-2022-38537 | 1 Archerydms | 1 Archery | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface.
|
|||||
| CVE-2022-38304 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2024-11-21 | N/A | 7.2 HIGH |
|
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_leave_type.php.
|
|||||
| CVE-2022-38303 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2024-11-21 | N/A | 7.2 HIGH |
|
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /employees/manage_leave_type.php.
|
|||||
| CVE-2022-38302 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2024-11-21 | N/A | 7.2 HIGH |
|
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_department.php.
|
|||||
| CVE-2022-38286 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | N/A | 7.2 HIGH |
|
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list.
|
|||||