Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46120 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2022-12-16 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/view_product&id=. | |||||
| CVE-2022-46121 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2022-12-16 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/manage_product&id=. | |||||
| CVE-2022-46122 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2022-12-16 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/view_category.php?id=. | |||||
| CVE-2022-46123 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2022-12-16 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/manage_category.php?id=. | |||||
| CVE-2022-46124 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2022-12-16 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-46125 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2022-12-16 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=client/manage_client&id=. | |||||
| CVE-2022-46126 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2022-12-16 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/brands/manage_brand.php?id=. | |||||
| CVE-2022-46127 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2022-12-16 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product. | |||||
| CVE-2022-46051 | 1 Aerocms Project | 1 Aerocms | 2022-12-15 | N/A | 7.2 HIGH |
| The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks. | |||||
| CVE-2022-46047 | 1 Aerocms Project | 1 Aerocms | 2022-12-15 | N/A | 4.9 MEDIUM |
| AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter. | |||||
| CVE-2022-44790 | 1 Interspire | 1 Email Marketer | 2022-12-14 | N/A | 7.5 HIGH |
| Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the database if the survey id exists. | |||||
| CVE-2016-9048 | 1 Processmaker | 1 Processmaker | 2022-12-14 | 6.5 MEDIUM | 7.4 HIGH |
| Multiple exploitable SQL Injection vulnerabilities exist in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database and user credentials and, in certain setups, access to the underlying operating system. | |||||
| CVE-2022-23510 | 1 Cube | 1 Cube.js | 2022-12-13 | N/A | 8.8 HIGH |
| cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade to 0.31.24 or to downgrade to 0.31.22. There are no known workarounds for this vulnerability. | |||||
| CVE-2022-28111 | 1 Pagehelper Project | 1 Pagehelper | 2022-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| MyBatis PageHelper v1.x.x-v3.7.0, v4.0.0-v5.0.0, v5.1.0-v5.3.0 was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter. | |||||
| CVE-2022-44838 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-12-12 | N/A | 7.2 HIGH |
| Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /services/view_service.php. | |||||
| CVE-2019-4147 | 1 Ibm | 1 Sterling File Gateway | 2022-12-09 | 6.5 MEDIUM | 7.2 HIGH |
| IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413. | |||||
| CVE-2022-3711 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2022-12-09 | N/A | 4.3 MEDIUM |
| A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA. | |||||
| CVE-2022-31101 | 1 Prestashop | 1 Blockwishlist | 2022-12-09 | 6.5 MEDIUM | 8.8 HIGH |
| prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-44393 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-12-09 | N/A | 7.2 HIGH |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=. | |||||
| CVE-2022-45010 | 1 Simple Phone Book/directory Web App Project | 1 Simple Phone Book/directory Web App | 2022-12-08 | N/A | 9.8 CRITICAL |
| Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /PhoneBook/edit.php. | |||||
