Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15627 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 7.8 HIGH | 7.5 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the account parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9738. | |||||
| CVE-2020-10230 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 7.5 HIGH | 9.8 CRITICAL |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter. | |||||
| CVE-2020-15616 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 7.8 HIGH | 7.5 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the package parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9706. | |||||
| CVE-2022-46093 | 1 Hospital Management System Project | 1 Hospital Management System | 2023-01-24 | N/A | 8.2 HIGH |
| Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password. | |||||
| CVE-2020-14349 | 2 Opensuse, Postgresql | 2 Leap, Postgresql | 2023-01-24 | 4.6 MEDIUM | 7.1 HIGH |
| It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL commands in the context of the user used for replication. | |||||
| CVE-2022-46502 | 1 Online Student Enrollment System Project | 1 Online Student Enrollment System | 2023-01-23 | N/A | 9.8 CRITICAL |
| Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php. | |||||
| CVE-2022-46472 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2023-01-23 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /hss/classes/Users.php?f=delete. | |||||
| CVE-2022-46471 | 1 Online Health Care System Project | 1 Online Health Care System | 2023-01-23 | N/A | 9.8 CRITICAL |
| Online Health Care System v1.0 was discovered to contain a SQL injection vulnerability via the consulting_id parameter at /healthcare/Admin/consulting_detail.php. | |||||
| CVE-2022-23692 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-01-23 | N/A | 8.8 HIGH |
| Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | |||||
| CVE-2022-23693 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-01-23 | N/A | 8.8 HIGH |
| Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | |||||
| CVE-2022-23694 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-01-23 | N/A | 8.8 HIGH |
| Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | |||||
| CVE-2022-23695 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-01-23 | N/A | 8.8 HIGH |
| Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | |||||
| CVE-2022-23696 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-01-23 | N/A | 8.8 HIGH |
| Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | |||||
| CVE-2022-48090 | 1 Hotel Management System Project | 1 Hotel Management System | 2023-01-20 | N/A | 6.5 MEDIUM |
| Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Injection via /app/dao/CustomerDAO.php. | |||||
| CVE-2022-46623 | 1 Judging Management System Project | 1 Judging Management System | 2023-01-20 | N/A | 7.8 HIGH |
| Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the username parameter. | |||||
| CVE-2022-46946 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2023-01-20 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_brand. | |||||
| CVE-2022-46947 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2023-01-20 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. | |||||
| CVE-2022-46949 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2023-01-20 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_helmet. | |||||
| CVE-2022-46950 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2023-01-20 | N/A | 7.2 HIGH |
| Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_window. | |||||
| CVE-2022-46951 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2023-01-20 | N/A | 7.2 HIGH |
| Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_uploads. | |||||
