Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39041 | 1 Aenrich | 1 A+hrd | 2023-01-10 | N/A | 9.8 CRITICAL |
| aEnrich a+HRD has insufficient user input validation for a specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete the database. | |||||
| CVE-2022-43437 | 1 Easy Test Project | 1 Easy Test | 2023-01-09 | N/A | 8.8 HIGH |
| The Download function’s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL commands to access, modify or delete the database. | |||||
| CVE-2022-34324 | 1 Sage | 1 Sage Xrt Business Exchange | 2023-01-09 | N/A | 8.8 HIGH |
| Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History. | |||||
| CVE-2022-46442 | 1 Dedecms | 1 Dedecms | 2023-01-06 | N/A | 9.8 CRITICAL |
| dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query. | |||||
| CVE-2020-24600 | 1 Capexweb Project | 1 Capexweb | 2023-01-05 | N/A | 9.8 CRITICAL |
| Shilpi CAPExWeb 1.1 allows SQL injection via a servlet/capexweb.cap_sendMail GET request. | |||||
| CVE-2022-44015 | 1 Simmeth | 1 Lieferantenmanager | 2023-01-05 | N/A | 9.8 CRITICAL |
| An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can inject raw SQL queries. By activating MSSQL features, the attacker is able to execute arbitrary commands on the MSSQL server via the xp_cmdshell extended procedure. | |||||
| CVE-2022-44137 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2023-01-05 | N/A | 7.2 HIGH |
| SourceCodester Sanitization Management System 1.0 is vulnerable to SQL Injection. | |||||
| CVE-2022-45889 | 1 Planetestream | 1 Planet Estream | 2023-01-04 | N/A | 7.2 HIGH |
| Planet eStream before 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search (the StatisticsResults.aspx flt parameter). | |||||
| CVE-2022-1887 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2022-12-24 | N/A | 9.8 CRITICAL |
| The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101. | |||||
| CVE-2022-45041 | 1 Rockoa | 1 Xinhu | 2022-12-23 | N/A | 7.5 HIGH |
| SQL Injection exists in xinhu < 2.5.0 | |||||
| CVE-2022-42535 | 1 Google | 1 Android | 2022-12-21 | N/A | 5.5 MEDIUM |
| In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224770183 | |||||
| CVE-2021-31650 | 1 Online Grading System Project | 1 Online Grading System | 2022-12-21 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter. | |||||
| CVE-2022-40315 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2022-12-21 | N/A | 9.8 CRITICAL |
| A limited SQL injection risk was identified in the "browse list of users" site administration page. | |||||
| CVE-2021-24728 | 1 Cozmoslabs | 1 Membership & Content Restriction - Paid Member Subscriptions | 2022-12-20 | 6.5 MEDIUM | 8.8 HIGH |
| The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in an SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages. | |||||
| CVE-2022-20518 | 1 Google | 1 Android | 2022-12-20 | N/A | 5.5 MEDIUM |
| In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224770203 | |||||
| CVE-2022-20517 | 1 Google | 1 Android | 2022-12-20 | N/A | 5.5 MEDIUM |
| In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224769956 | |||||
| CVE-2022-38488 | 1 Logrocket-oauth2-example Project | 1 Logrocket-oauth2-example | 2022-12-19 | N/A | 9.8 CRITICAL |
| logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter. | |||||
| CVE-2022-46117 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2022-12-16 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=view_product&id=. | |||||
| CVE-2022-46118 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2022-12-16 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=product_per_brand&bid=. | |||||
| CVE-2022-46119 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2022-12-16 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=categories&c=. | |||||
