Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22495 | 1 Ibm | 1 I | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 226941.
|
|||||
| CVE-2022-22463 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079.
|
|||||
| CVE-2022-22413 | 1 Ibm | 1 Robotic Process Automation | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 223022.
|
|||||
| CVE-2022-22389 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740.
|
|||||
| CVE-2022-22338 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | N/A | 6.3 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 219510.
|
|||||
| CVE-2022-22295 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter.
|
|||||
| CVE-2022-22294 | 1 Zfaka Project | 1 Zfaka | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A SQL injection vulnerability exists in ZFAKA<=1.43 which an attacker can use to complete SQL injection in the foreground and add a background administrator account.
|
|||||
| CVE-2022-22280 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.
|
|||||
| CVE-2022-22149 | 1 Lansweeper | 1 Lansweeper | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2022-22055 | 1 Le-yan Dental Management System Project | 1 Le-yan Dental Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The Le-yan dental management system contains an SQL-injection vulnerability. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to acquire administrator’s privilege and perform arbitrary operations on the system or disrupt service.
|
|||||
| CVE-2022-21666 | 1 Useful Simple Open-source Cms Project | 1 Useful Simple Open-source Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privileges. Users should replace the file `admin/pages/useredit.php` with a newer version. USOC version Pb2.4Bfx3 contains a fixed version of `admin/pages/useredit.php`.
|
|||||
| CVE-2022-21664 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 6.5 MEDIUM | 7.4 HIGH |
|
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.
|
|||||
| CVE-2022-21644 | 1 Useful Simple Open-source Cms Project | 1 Useful Simple Open-source Cms | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
|
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.
|
|||||
| CVE-2022-21643 | 1 Useful Simple Open-source Cms Project | 1 Useful Simple Open-source Cms | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.
|
|||||
| CVE-2022-21234 | 1 Lansweeper | 1 Lansweeper | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2022-21210 | 1 Lansweeper | 1 Lansweeper | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2022-21176 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
|
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information.
|
|||||
| CVE-2022-20867 | 1 Cisco | 3 Asyncos, Secure Email And Web Manager, Secure Email Gateway | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account.
This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious ...
Show More |
|||||
| CVE-2022-20786 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the atta ...
Show More |
|||||
| CVE-2022-20351 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224771921
|
|||||
| CVE-2022-20280 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
|
In MMSProvider, there is a possible read of protected data due to improper input validationSQL injection. This could lead to local information disclosure of sms/mms data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204117261
|
|||||
| CVE-2022-1950 | 1 Kainelabs | 1 Youzify | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection
|
|||||
| CVE-2022-1905 | 1 E-dynamics | 1 Events Made Easy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Events Made Easy WordPress plugin before 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
|
|||||
| CVE-2022-1883 | 1 Camptocamp | 1 Terraboard | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0.
|
|||||
| CVE-2022-1839 | 1 Home Clean Services Management System Project | 1 Home Clean Services Management System | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(2)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. The attack can be initiated remotely but it requires authentication. Exploit details have been disclosed to the public.
|
|||||
| CVE-2022-1838 | 1 Home Clean Services Management System Project | 1 Home Clean Services Management System | 2024-11-21 | 6.5 MEDIUM | 4.7 MEDIUM |
|
A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(5)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. It is possible to initiate the attack remotely but it requires authentication. Exploit details have been disclosed to the public.
|
|||||
| CVE-2022-1800 | 1 Soflyy | 1 Export Any Wordpress Data To Xml\/csv | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability.
|
|||||
| CVE-2022-1731 | 1 Allgeier | 1 Metasonic Doc Webclient | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
|
Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist.
|
|||||
| CVE-2022-1692 | 1 Dwbooster | 1 Cp Image Store With Slideshow | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack
|
|||||
| CVE-2022-1691 | 1 Realtyworkstation | 1 Realty Workstation | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
The Realty Workstation WordPress plugin before 1.0.15 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edit a transaction, leading to an SQL injection
|
|||||
| CVE-2022-1690 | 1 Datainterlock | 1 Note Press | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection
|
|||||
| CVE-2022-1689 | 1 Datainterlock | 1 Note Press | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection
|
|||||
| CVE-2022-1688 | 1 Datainterlock | 1 Note Press | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections
|
|||||
| CVE-2022-1687 | 1 Logo Slider Project | 1 Logo Slider | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection
|
|||||
| CVE-2022-1686 | 1 Five Minute Webshop Project | 1 Five Minute Webshop | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection
|
|||||
| CVE-2022-1685 | 1 Five Minute Webshop Project | 1 Five Minute Webshop | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection
|
|||||
| CVE-2022-1684 | 1 Webpsilon | 1 Cube Slider | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin
|
|||||
| CVE-2022-1683 | 1 Amtythumb Project | 1 Amtythumb | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user (and not just Author+ like the original advisory mention) due to the fact that they can execute shortcodes via an AJAX action
|
|||||
| CVE-2022-1556 | 1 Era404 | 1 Stafflist | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection
|
|||||
| CVE-2022-1552 | 1 Postgresql | 1 Postgresql | 2024-11-21 | N/A | 8.8 HIGH |
|
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.
|
|||||