Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3802 | 1 Ibax | 1 Go-ibax | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability has been found in IBAX go-ibax and classified as critical. This vulnerability affects unknown code of the file /api/v2/open/rowsInfo. The manipulation of the argument where leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212638 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3800 | 1 Ibax | 1 Go-ibax | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212636. | |||||
| CVE-2022-3799 | 1 Ibax | 1 Go-ibax | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability classified as critical was found in IBAX go-ibax. Affected by this vulnerability is an unknown functionality of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212635. | |||||
| CVE-2022-3798 | 1 Ibax | 1 Go-ibax | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability classified as critical has been found in IBAX go-ibax. Affected is an unknown function of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212634 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3789 | 1 Tim Campus Confession Wall Project | 1 Tim Campus Confession Wall | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in Tim Campus Confession Wall and classified as critical. Affected by this vulnerability is an unknown functionality of the file share.php. The manipulation of the argument post_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212611. | |||||
| CVE-2022-3768 | 1 Wpsmartcontracts | 1 Wpsmartcontracts | 2023-11-07 | N/A | 8.8 HIGH |
| The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author | |||||
| CVE-2022-3760 | 1 Miateknoloji | 1 Mia-med | 2023-11-07 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med. This issue affects Mia-Med: before 1.0.0.58. | |||||
| CVE-2022-3732 | 1 Ehoney Project | 1 Ehoney | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability was found in seccome Ehoney and classified as critical. Affected by this issue is some unknown functionality of the file /api/v1/bait/set. The manipulation of the argument Payload leads to sql injection. The attack may be launched remotely. VDB-212414 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3583 | 1 Canteen Management System Project | 1 Canteen Management System | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument business leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-211192. | |||||
| CVE-2022-3504 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Sanitization Management System and classified as critical. This issue affects some unknown processing of the file /php-sms/?p=services/view_service. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210839. | |||||
| CVE-2022-3495 | 1 Simple Online Public Access Catalog Project | 1 Simple Online Public Access Catalog | 2023-11-07 | N/A | 7.2 HIGH |
| A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. This vulnerability affects unknown code of the file /opac/Actions.php?a=login of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210784. | |||||
| CVE-2022-3481 | 1 Opmc | 1 Woocommerce Dropshipping | 2023-11-07 | N/A | 9.8 CRITICAL |
| The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection | |||||
| CVE-2022-3142 | 1 Basixonline | 1 Nex-forms | 2023-11-07 | N/A | 8.8 HIGH |
| The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin settings. | |||||
| CVE-2022-3141 | 1 Cozmoslabs | 1 Translatepress | 2023-11-07 | N/A | 8.8 HIGH |
| The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected. | |||||
| CVE-2022-3122 | 1 Clinic's Patient Management System Project | 1 Clinic's Patient Management System | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file medicine_details.php. The manipulation of the argument medicine leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207854 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3120 | 1 Clinic's Patient Management System Project | 1 Clinic's Patient Management System | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-207847. | |||||
| CVE-2022-38074 | 1 Veronalabs | 1 Wp Statistics | 2023-11-07 | N/A | 8.8 HIGH |
| SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions. | |||||
| CVE-2022-36759 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-11-07 | N/A | 9.8 CRITICAL |
| Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=. | |||||
| CVE-2022-34265 | 1 Djangoproject | 1 Django | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. | |||||
| CVE-2022-33875 | 1 Fortinet | 1 Fortiadc | 2023-11-07 | N/A | 8.8 HIGH |
| An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
