Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4592 | 1 Crmx Project | 1 Crmx | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability was found in luckyshot CRMx and classified as critical. This issue affects the function get/save/delete/comment/commentdelete of the file index.php. The manipulation leads to sql injection. The attack may be initiated remotely. The name of the patch is 8c62d274986137d6a1d06958a6f75c3553f45f8f. It is recommended to apply a patch to fix this issue. The identifier VDB-216185 was assigned to this vulnerability. | |||||
| CVE-2022-4566 | 1 Ruoyi | 1 Ruoyi | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com/ruoyi/generator/controller/GenController. The manipulation leads to sql injection. The name of the patch is 167970e5c4da7bb46217f576dc50622b83f32b40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215975. | |||||
| CVE-2022-4547 | 1 Thedotstore | 1 Conditional Payment Methods For Woocommerce | 2023-11-07 | N/A | 7.2 HIGH |
| The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by [high privilege users such as admin|users with a role as low as admin. | |||||
| CVE-2022-4546 | 1 Conceptbeans | 1 Mapwiz | 2023-11-07 | N/A | 7.2 HIGH |
| The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
| CVE-2022-4454 | 1 M0ver | 1 Bible-online | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in m0ver bible-online. Affected by this issue is the function query of the file src/main/java/custom/application/search.java of the component Search Handler. The manipulation leads to sql injection. The name of the patch is 6ef0aabfb2d4ccd53fcaa9707781303af357410e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215444. | |||||
| CVE-2022-4416 | 1 Mxsdoc Project | 1 Mxsdoc | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability was found in RainyGao DocSys. It has been declared as critical. This vulnerability affects the function getReposAllUsers of the file /DocSystem/Repos/getReposAllUsers.do. The manipulation of the argument searchWord/reposId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-215278 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4403 | 1 Canteen Management System Project | 1 Canteen Management System | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability classified as critical was found in SourceCodester Canteen Management System. This vulnerability affects unknown code of the file ajax_represent.php. The manipulation of the argument customer_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215272. | |||||
| CVE-2022-4399 | 1 Nodau Project | 1 Nodau | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215252. | |||||
| CVE-2022-4375 | 1 Mingsoft | 1 Mcms | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215196. | |||||
| CVE-2022-4360 | 1 Wp Rss By Publishers Project | 1 Wp Rss By Publishers | 2023-11-07 | N/A | 7.2 HIGH |
| The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | |||||
| CVE-2022-4322 | 1 Maku | 1 Maku-boot | 2023-11-07 | N/A | 7.2 HIGH |
| A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 446eb7294332efca2bfd791bc37281cedac0d0ff. It is recommended to apply a patch to fix this issue. The identifier VDB-215013 was assigned to this vulnerability. | |||||
| CVE-2022-4290 | 1 Cyr To Lat Project | 1 Cyr To Lat | 2023-11-07 | N/A | 8.8 HIGH |
| The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_sanitize_title' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially allows authenticated users with the ability to add or modify terms or tags to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. A partial patch became available in version 3.6 and the issue was fully patched in version 3.7. | |||||
| CVE-2022-4275 | 1 House Rental System Project | 1 House Rental System | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771. | |||||
| CVE-2022-4274 | 1 House Rental System Project | 1 House Rental System | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214770 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4230 | 1 Veronalabs | 1 Wp Statistics | 2023-11-07 | N/A | 8.8 HIGH |
| The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a settings to allow low privilege users to access it as well. | |||||
| CVE-2022-4222 | 1 Canteen Management System Project | 1 Canteen Management System | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajax_invoice.php of the component POST Request Handler. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214523. | |||||
| CVE-2022-4161 | 1 Contest-gallery | 1 Contest Gallery | 2023-11-07 | N/A | 6.5 MEDIUM |
| The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_start POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. | |||||
| CVE-2022-4151 | 1 Contest-gallery | 1 Contest Gallery | 2023-11-07 | N/A | 6.5 MEDIUM |
| The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id GET parameter before concatenating it to an SQL query in export-images-data.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. | |||||
| CVE-2022-4088 | 1 Stock Management System Project | 1 Stock Management System | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214322 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4059 | 1 Blocksera | 1 Cryptocurrency Widgets Pack | 2023-11-07 | N/A | 9.8 CRITICAL |
| The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | |||||