Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17900 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. | |||||
| CVE-2012-1225 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php. | |||||
| CVE-2014-3992 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php. | |||||
| CVE-2017-7886 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. | |||||
| CVE-2018-19998 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter. | |||||
| CVE-2017-17897 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2022-30459 | 1 Chatbot App With Suggestion Project | 1 Chatbot App With Suggestion | 2022-11-17 | 6.5 MEDIUM | 8.8 HIGH |
| ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id. | |||||
| CVE-2022-42122 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-11-17 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL. | |||||
| CVE-2022-42121 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-11-17 | N/A | 8.8 HIGH |
| A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected into a page template's 'Name' field. | |||||
| CVE-2022-42120 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-11-17 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' `namespace` attribute. | |||||
| CVE-2020-12507 | 1 Badgermeter | 1 Moni\ | 2022-11-17 | N/A | 8.8 HIGH |
| In s::can moni::tools before version 4.2 an authenticated attacker could get full access to the database through SQL injection. This may result in loss of confidentiality, loss of integrity and DoS. | |||||
| CVE-2022-40405 | 1 Wowonder | 1 Wowonder | 2022-11-17 | N/A | 7.5 HIGH |
| WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs. | |||||
| CVE-2022-42984 | 1 Wowonder | 1 Wowonder | 2022-11-17 | N/A | 9.8 CRITICAL |
| WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients. | |||||
| CVE-2022-43672 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2022-11-16 | N/A | 9.8 CRITICAL |
| Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671. | |||||
| CVE-2022-43288 | 1 Rukovoditel | 1 Rukovoditel | 2022-11-16 | N/A | 8.8 HIGH |
| Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php. | |||||
| CVE-2022-43256 | 1 Seacms | 1 Seacms | 2022-11-16 | N/A | 9.8 CRITICAL |
| SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php. | |||||
| CVE-2022-43671 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2022-11-16 | N/A | 9.8 CRITICAL |
| Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. | |||||
| CVE-2022-2214 | 1 Library Management System Project | 1 Library Management System | 2022-11-16 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in SourceCodester Library Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /librarian/bookdetails.php. The manipulation of the argument id with the input ' AND (SELECT 9198 FROM (SELECT(SLEEP(5)))iqZA)-- PbtB leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-17373 | 1 Sugarcrm | 1 Sugarcrm | 2022-11-16 | 3.5 LOW | 5.3 MEDIUM |
| SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. | |||||
| CVE-2022-41892 | 1 Archesproject | 1 Arches | 2022-11-16 | N/A | 9.8 CRITICAL |
| Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds. | |||||