Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44727 | 1 Lineagrafica | 1 Eu Cookie Law Gdpr | 2022-11-15 | N/A | 9.1 CRITICAL |
| The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for PrestaShop allows SQL Injection via a cookie (lgcookieslaw or __lglaw). | |||||
| CVE-2022-43290 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-11-10 | N/A | 7.2 HIGH |
| Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editcategory.php. | |||||
| CVE-2022-43291 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-11-10 | N/A | 7.2 HIGH |
| Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editclient.php. | |||||
| CVE-2022-43292 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-11-10 | N/A | 7.2 HIGH |
| Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editfood.php. | |||||
| CVE-2022-43058 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-11-10 | N/A | 9.8 CRITICAL |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms//classes/Master.php?f=delete_activity. | |||||
| CVE-2022-3494 | 1 Really-simple-plugins | 1 Complianz | 2022-11-10 | N/A | 8.8 HIGH |
| The Complianz WordPress plugin before 6.3.4 and the Complianz Premium WordPress plugin before 6.3.6 allow translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML. | |||||
| CVE-2021-24651 | 1 Ays-pro | 1 Poll Maker | 2022-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as a password hash. | |||||
| CVE-2021-24626 | 1 Chameleon Css Project | 1 Chameleon Css | 2022-11-09 | 6.5 MEDIUM | 8.8 HIGH |
| The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as a subscriber, to call them and perform unauthorised actions. One of the AJAX calls, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL Injection. | |||||
| CVE-2021-24555 | 1 Roosty | 1 Diary-availability-calendar | 2022-11-09 | 6.5 MEDIUM | 8.8 HIGH |
| The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes the id POST parameter, which is passed into the SQL statement without proper sanitisation, validation or escaping, leading to a SQL Injection issue. Furthermore, the AJAX action lacks any CSRF and capability check, making it available to any authenticated user. | |||||
| CVE-2022-43278 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-11-09 | N/A | 7.2 HIGH |
| Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at /php_action/fetchSelectedCategories.php. | |||||
| CVE-2022-39069 | 1 Zte | 1 Zaip-aie | 2022-11-09 | N/A | 5.3 MEDIUM |
| There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content. | |||||
| CVE-2022-41259 | 1 Sap | 1 Sql Anywhere | 2022-11-09 | N/A | 6.5 MEDIUM |
| SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor. | |||||
| CVE-2022-27380 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2022-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | |||||
| CVE-2022-41671 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2022-11-08 | N/A | 7.8 HIGH |
| A CWE-89: Improper Neutralization of Special Elements used in SQL Command ('SQL Injection') vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute it as part of project migration, which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior), Pro-face BLUE (V3.3 Hotfix1 or prior). | |||||
| CVE-2022-43049 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-11-08 | N/A | 7.2 HIGH |
| Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php. | |||||
| CVE-2022-43051 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-11-08 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete_test. | |||||
| CVE-2022-43052 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-11-08 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete. | |||||
| CVE-2022-42990 | 1 Food Ordering Management System Project | 1 Food Ordering Management System | 2022-11-08 | N/A | 7.2 HIGH |
| Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer. | |||||
| CVE-2022-43350 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-08 | N/A | 7.2 HIGH |
| Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry. | |||||
| CVE-2022-43352 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-08 | N/A | 7.2 HIGH |
| Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_quote. | |||||
