Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35946 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 5.5 MEDIUM |
|
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used to access low-level API of Plugin class. An attacker can, for instance, alter database data. Attacker must have "General setup" update rights to be able to perform this attack. Users are advised to upgra ...
|
|||||
| CVE-2022-35942 | 1 Linuxfoundation | 1 Loopback-connector-postgresql | 2024-11-21 | N/A | 9.3 CRITICAL |
|
Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data stored on the connected database. A patch was released in version 5.5.1. This affects users who do any of the following: - Connect to the database via the DataSource with `allowExtendedProperties: t ...
|
|||||
| CVE-2022-35864 | 1 Bmc | 1 Track-it! | 2024-11-21 | N/A | 6.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CA ...
|
|||||
| CVE-2022-35628 | 1 In2code | 1 Living User Experience | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3.
|
|||||
| CVE-2022-35606 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode'.
|
|||||
| CVE-2022-35605 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as 'users', 'pass', etc.
|
|||||
| CVE-2022-35603 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt.
|
|||||
| CVE-2022-35602 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user.
|
|||||
| CVE-2022-35601 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt.
|
|||||
| CVE-2022-35599 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode.
|
|||||
| CVE-2022-35598 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username.
|
|||||
| CVE-2022-35422 | 1 Web Based Quiz System Project | 1 Web Based Quiz System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php.
|
|||||
| CVE-2022-35421 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2024-11-21 | N/A | 7.2 HIGH |
|
Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the pname parameter at /admin/operations/packages.php.
|
|||||
| CVE-2022-35193 | 1 Testlink | 1 Testlink | 2024-11-21 | N/A | 7.2 HIGH |
|
TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.
|
|||||
| CVE-2022-35175 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /blotter/blotter.php.
|
|||||
| CVE-2022-35154 | 1 Shopro | 1 Mall System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter.
|
|||||
| CVE-2022-35148 | 1 Maccms | 1 Maccms | 2024-11-21 | N/A | 6.5 MEDIUM |
|
maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html.
|
|||||
| CVE-2022-35121 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java.
|
|||||
| CVE-2022-35115 | 1 Icewarp | 1 Webclient Dc2 | 2024-11-21 | N/A | 9.8 CRITICAL |
|
IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php.
|
|||||
| CVE-2022-34989 | 1 Fruits Bazar Project | 1 Fruits Bazar | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Fruits Bazar v1.0 was discovered to contain a SQL injection vulnerability via the recover_email parameter at user_password_recover.php.
|
|||||
| CVE-2022-34972 | 1 So Filter Shop By Project | 1 So Filter Shop By | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id, manu_value_id, opt_value_id, and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data.
|
|||||
| CVE-2022-34968 | 1 Percona | 1 Percona Server | 2024-11-21 | N/A | 7.5 HIGH |
|
An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query.
|
|||||
| CVE-2022-34956 | 1 Pligg | 1 Pligg Cms | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php.
|
|||||
| CVE-2022-34955 | 1 Pligg | 1 Pligg Cms | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.php.
|
|||||
| CVE-2022-34954 | 1 Phptpoint | 1 Pharmacy Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at invoiceprint.php.
|
|||||
| CVE-2022-34953 | 1 Phptpoint | 1 Pharmacy Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getOrderReport.php.
|
|||||
| CVE-2022-34952 | 1 Phptpoint | 1 Pharmacy Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edituser.php.
|
|||||
| CVE-2022-34951 | 1 Phptpoint | 1 Pharmacy Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php.
|
|||||
| CVE-2022-34950 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editproduct.php.
|
|||||
| CVE-2022-34949 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Pharmacy Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the email or password parameter at login.php.
|
|||||
| CVE-2022-34948 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editbrand.php.
|
|||||
| CVE-2022-34947 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editcategory.php.
|
|||||
| CVE-2022-34946 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php.
|
|||||
| CVE-2022-34945 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php.
|
|||||
| CVE-2022-34928 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | N/A | 8.8 HIGH |
|
JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user.
|
|||||
| CVE-2022-34878 | 1 Vicidial | 1 Vicidial | 2024-11-21 | 9.0 HIGH | 5.5 MEDIUM |
|
SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.
|
|||||
| CVE-2022-34877 | 1 Vicidial | 1 Vicidial | 2024-11-21 | 9.0 HIGH | 6.4 MEDIUM |
|
SQL Injection vulnerability in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.
|
|||||
| CVE-2022-34876 | 1 Vicidial | 1 Vicidial | 2024-11-21 | 8.5 HIGH | 5.5 MEDIUM |
|
SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.
|
|||||
| CVE-2022-34872 | 1 Centreon | 1 Centreon | 2024-11-21 | N/A | 6.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16336.
|
|||||
| CVE-2022-34871 | 1 Centreon | 1 Centreon | 2024-11-21 | N/A | 7.2 HIGH |
|
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-16335.
|
|||||