Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36692 | 1 Ingredients Stock Management System Project | 1 Ingredients Stock Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.
|
|||||
| CVE-2022-36690 | 1 Ingredient Stock Management System Project | 1 Ingredient Stock Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user&id=.
|
|||||
| CVE-2022-36689 | 1 Ingredient Stock Management System Project | 1 Ingredient Stock Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=.
|
|||||
| CVE-2022-36688 | 1 Ingredient Stock Management System Project | 1 Ingredient Stock Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=.
|
|||||
| CVE-2022-36686 | 1 Ingredient Stock Management System Project | 1 Ingredient Stock Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=.
|
|||||
| CVE-2022-36683 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_payment.
|
|||||
| CVE-2022-36682 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_student.
|
|||||
| CVE-2022-36681 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_account.
|
|||||
| CVE-2022-36680 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule.
|
|||||
| CVE-2022-36679 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user.
|
|||||
| CVE-2022-36678 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.
|
|||||
| CVE-2022-36676 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2024-11-21 | N/A | 7.2 HIGH |
|
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php.
|
|||||
| CVE-2022-36675 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2024-11-21 | N/A | 7.2 HIGH |
|
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php.
|
|||||
| CVE-2022-36674 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2024-11-21 | N/A | 7.2 HIGH |
|
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php.
|
|||||
| CVE-2022-36669 | 1 Hospital Information System Project | 1 Hospital Information System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
|
|||||
| CVE-2022-36636 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php.
|
|||||
| CVE-2022-36635 | 1 Zkteco | 1 Zkbiosecurity V5000 | 2024-11-21 | N/A | 8.8 HIGH |
|
ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do.
|
|||||
| CVE-2022-36609 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Clinic's Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php.
|
|||||
| CVE-2022-36606 | 1 Yimihome | 1 Ywoa | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database.
|
|||||
| CVE-2022-36605 | 1 Yimihome | 1 Ywoa | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter.
|
|||||
| CVE-2022-36599 | 1 Mingsoft | 1 Mcms | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists.
|
|||||
| CVE-2022-36594 | 1 Mybatis | 1 Mapper | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function.
|
|||||
| CVE-2022-36581 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | N/A | 7.5 HIGH |
|
Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php.
|
|||||
| CVE-2022-36578 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | N/A | 9.8 CRITICAL |
|
jizhicms v2.3.1 has SQL injection in the background.
|
|||||
| CVE-2022-36529 | 1 Kensite Cms Project | 1 Kensite Cms | 2024-11-21 | N/A | 8.8 HIGH |
|
Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml.
|
|||||
| CVE-2022-36394 | 1 Contest-gallery | 1 Contest Gallery | 2024-11-21 | N/A | 7.6 HIGH |
|
Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress.
|
|||||
| CVE-2022-36276 | 1 Tcman | 1 Gim | 2024-11-21 | N/A | 9.9 CRITICAL |
|
TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database.
|
|||||
| CVE-2022-36272 | 1 Mingsoft | 1 Mcms | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter.
|
|||||
| CVE-2022-36259 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 7.5 HIGH |
|
A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password", etc.
|
|||||
| CVE-2022-36258 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 7.5 HIGH |
|
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".
|
|||||
| CVE-2022-36257 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 7.5 HIGH |
|
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc.
|
|||||
| CVE-2022-36256 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 7.5 HIGH |
|
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode".
|
|||||
| CVE-2022-36255 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 7.5 HIGH |
|
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".
|
|||||
| CVE-2022-36242 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Clinic's Patient Management System v1.0 is vulnerable to SQL Injection via /pms/update_medicine.php?id=.
|
|||||
| CVE-2022-36201 | 1 Doctor\'s Appointment System Project | 1 Doctor\'s Appointment System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php.
|
|||||
| CVE-2022-36198 | 1 Phpgurukul | 1 Bus Pass Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php
|
|||||
| CVE-2022-36161 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
|
|||||
| CVE-2022-36030 | 1 Project-nexus Project | 1 Project-nexus | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Project-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sensitization of user input. This issue has not yet been patched. Users are advised to restrict user input and to upgrade when a new release becomes available.
|
|||||
| CVE-2022-35956 | 1 Update By Case Project | 1 Update By Case | 2024-11-21 | N/A | 5.8 MEDIUM |
|
This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it. Before version 0.1.3 `update_by_case` gem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection. Upgrade to version >= 0.1.3 that uses `Arel` instead to construct the resulting sql statement, with sanitized sql.
|
|||||
| CVE-2022-35947 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 10.0 CRITICAL |
|
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions have been found to be vulnerable to a SQL injection attack which an attacker could leverage to simulate an arbitrary user login. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should disable the `Enable login with external token` API configuration.
|
|||||