Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26284 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
|
|||||
| CVE-2022-26268 | 1 Xiaohuanxiong Project | 1 Xiaohuanxiong | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php.
|
|||||
| CVE-2022-26266 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php.
|
|||||
| CVE-2022-26245 | 1 Open-falcon | 1 Falcon-plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go.
|
|||||
| CVE-2022-26201 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability.
|
|||||
| CVE-2022-26171 | 1 Bank Management System Project | 1 Bank Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Bank Management System v1.0 was discovered to contain a SQL injection vulnerability via the email parameter.
|
|||||
| CVE-2022-26170 | 1 Simple Mobile Comparison Website Project | 1 Simple Mobile Comparison Website | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter.
|
|||||
| CVE-2022-26169 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter.
|
|||||
| CVE-2022-26120 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
|
|||||
| CVE-2022-26116 | 1 Fortinet | 1 Fortinac | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted string parameters.
|
|||||
| CVE-2022-26069 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
|
|||||
| CVE-2022-26065 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
|
|||||
| CVE-2022-26059 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
|
|||||
| CVE-2022-26013 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
|
|||||
| CVE-2022-25980 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
|
|||||
| CVE-2022-25880 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
|
|||||
| CVE-2022-25811 | 1 Transposh | 1 Transposh Wordpress Translation | 2024-11-21 | N/A | 7.2 HIGH |
|
The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection.
|
|||||
| CVE-2022-25607 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | 6.5 MEDIUM | 6.6 MEDIUM |
|
Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727).
|
|||||
| CVE-2022-25517 | 1 Baomidou | 1 Mybatis-plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java. NOTE: the vendor's position is that the reported execution of a SQL statement was intended behavior.
|
|||||
| CVE-2022-25506 | 1 Freetakserver-ui Project | 1 Freetakserver-ui | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser.
|
|||||
| CVE-2022-25505 | 1 Taogogo | 1 Taocms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.
|
|||||
| CVE-2022-25494 | 1 Online Banking System Project | 1 Online Banking System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php.
|
|||||
| CVE-2022-25492 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.
|
|||||
| CVE-2022-25491 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
|
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php.
|
|||||
| CVE-2022-25490 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php.
|
|||||
| CVE-2022-25488 | 1 Thedigitalcraft | 1 Atomcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php.
|
|||||
| CVE-2022-25406 | 1 Tongda2000 | 1 Tongda2000 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter.
|
|||||
| CVE-2022-25405 | 1 Tongda2000 | 1 Tongda2000 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the DELETE_STR parameter.
|
|||||
| CVE-2022-25404 | 1 Tongda2000 | 1 Tongda2000 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter.
|
|||||
| CVE-2022-25403 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php.
|
|||||
| CVE-2022-25399 | 1 Simple Real Estate Portal System Project | 1 Simple Real Estate Portal System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.
|
|||||
| CVE-2022-25398 | 1 Auto Spare Parts Management Project | 1 Auto Spare Parts Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.
|
|||||
| CVE-2022-25396 | 1 Cosmetics And Beauty Product Online Store Project | 1 Cosmetics And Beauty Product Online Store | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter.
|
|||||
| CVE-2022-25394 | 1 Medical Store Management System Project | 1 Medical Store Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php.
|
|||||
| CVE-2022-25393 | 1 Simple Bakery Shop Management Project | 1 Simple Bakery Shop Management | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
|
|||||
| CVE-2022-25322 | 1 Zerof | 1 Web Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
ZEROF Web Server 2.0 allows /HandleEvent SQL Injection.
|
|||||
| CVE-2022-25228 | 1 Auieo | 1 Candidats | 2024-11-21 | N/A | 6.5 MEDIUM |
|
CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID' parameter, in '/index.php?m=joborders&a=show' via the 'jobOrderID' parameter, and in '/index.php?m=companies&a=show' via the 'companyID' parameter.
|
|||||
| CVE-2022-25225 | 1 Softinventive | 1 Network Olympus | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue.
|
|||||
| CVE-2022-25223 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/view_details' via the 'id' parameter.
|
|||||
| CVE-2022-25222 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in 'admin/maintenance/manage_branch.php' and 'admin/maintenance/manage_fee.php' via the 'id' parameter.
|
|||||