Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34700 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability
|
|||||
| CVE-2022-34652 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 8.8 HIGH |
|
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to inject SQL by manipulating the description parameter.
|
|||||
| CVE-2022-34590 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | N/A | 7.2 HIGH |
|
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php.
|
|||||
| CVE-2022-34588 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/timetable_insert_form.php.
|
|||||
| CVE-2022-34586 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/student_grade_wise.php.
|
|||||
| CVE-2022-34557 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/permit/permit.php.
|
|||||
| CVE-2022-34265 | 1 Djangoproject | 1 Django | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
|
|||||
| CVE-2022-34132 | 1 Jorani | 1 Jorani | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php.
|
|||||
| CVE-2022-34042 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | N/A | 7.2 HIGH |
|
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/household/household.php.
|
|||||
| CVE-2022-34023 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /officials/officials.php.
|
|||||
| CVE-2022-33965 | 1 Plugins-market | 1 Wp Visitor Statistics | 2024-11-21 | N/A | 9.3 CRITICAL |
|
Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress.
|
|||||
| CVE-2022-33960 | 1 Supsystic | 1 Social Share Buttons | 2024-11-21 | N/A | 8.5 HIGH |
|
Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.
|
|||||
| CVE-2022-33875 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | N/A | 5.4 MEDIUM |
|
An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
|
|||||
| CVE-2022-33171 | 1 Typeorm | 1 Typeorm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation
|
|||||
| CVE-2022-33149 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 8.8 HIGH |
|
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the CloneSite plugin, allowing an attacker to inject SQL by manipulating the url parameter.
|
|||||
| CVE-2022-33148 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 8.8 HIGH |
|
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to inject SQL by manipulating the title parameter.
|
|||||
| CVE-2022-33147 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 8.8 HIGH |
|
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the aVideoEncoder functionality which can be used to add new videos, allowing an attacker to inject SQL by manipulating the videoDownloadedLink or duration parameter.
|
|||||
| CVE-2022-33128 | 1 Ruijienetworks | 2 Rg-eg350, Rg-eg350 Firmware | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php.
|
|||||
| CVE-2022-33114 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list.
|
|||||
| CVE-2022-33097 | 1 74cms | 1 74cmsse | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/campus/campus_job.
|
|||||
| CVE-2022-33096 | 1 74cms | 1 74cmsse | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/resume/index.
|
|||||
| CVE-2022-33095 | 1 74cms | 1 74cmsse | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist.
|
|||||
| CVE-2022-33094 | 1 74cms | 1 74cmsse | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map.
|
|||||
| CVE-2022-33093 | 1 74cms | 1 74cmsse | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the key parameter at /freelance/resume_list.
|
|||||
| CVE-2022-33092 | 1 74cms | 1 74cmsse | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/index.
|
|||||
| CVE-2022-33061 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service.
|
|||||
| CVE-2022-33060 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule.
|
|||||
| CVE-2022-33059 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_train.
|
|||||
| CVE-2022-33058 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_message.
|
|||||
| CVE-2022-33057 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation.
|
|||||
| CVE-2022-33056 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/schedules/manage_schedule.php.
|
|||||
| CVE-2022-33055 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/trains/manage_train.php.
|
|||||
| CVE-2022-33049 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/?page=user/manage_user.
|
|||||
| CVE-2022-33048 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/reservations/view_details.php.
|
|||||
| CVE-2022-33042 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/inquiries/view_details.php.
|
|||||
| CVE-2022-32992 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the tname parameter at /admin/operations/tax.php.
|
|||||
| CVE-2022-32991 | 1 Web Based Quiz System Project | 1 Web Based Quiz System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the eid parameter at welcome.php.
|
|||||
| CVE-2022-32964 | 1 Omicard Edm Project | 1 Omicard Edm | 2024-11-21 | N/A | 9.8 CRITICAL |
|
OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service.
|
|||||
| CVE-2022-32456 | 1 Digiwin | 1 Business Process Management | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify, delete database or disrupt service.
|
|||||
| CVE-2022-32416 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product.
|
|||||