Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43330 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-11-01 | N/A | 7.2 HIGH |
| Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php. | |||||
| CVE-2022-43329 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-11-01 | N/A | 7.2 HIGH |
| Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. | |||||
| CVE-2022-43328 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-11-01 | N/A | 7.2 HIGH |
| Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php. | |||||
| CVE-2022-43331 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-11-01 | N/A | 7.2 HIGH |
| Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php_action/printOrder.php. | |||||
| CVE-2022-42923 | 1 Formalms | 1 Formalms | 2022-11-01 | N/A | 8.8 HIGH |
| Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete' function in order to dump the entire database or delete all contents from the 'core_user_file' table. | |||||
| CVE-2022-41680 | 1 Formalms | 1 Formalms | 2022-11-01 | N/A | 6.5 MEDIUM |
| Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'search[value]' parameter in the 'appLms/ajax.server.php?r=mycertificate/getMyCertificates' function in order to dump the entire database. | |||||
| CVE-2018-8967 | 1 Zzcms | 1 Zzcms | 2022-11-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request. | |||||
| CVE-2018-9309 | 1 Zzcms | 1 Zzcms | 2022-11-01 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dl_sendsms.php request. | |||||
| CVE-2022-42924 | 1 Formalms | 1 Formalms | 2022-11-01 | N/A | 6.5 MEDIUM |
| Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'dyn_filter' parameter in the 'appLms/ajax.adm_server.php?r=widget/userselector/getusertabledata' function in order to dump the entire database. | |||||
| CVE-2022-43353 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-01 | N/A | 7.2 HIGH |
| Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. | |||||
| CVE-2022-43354 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-01 | N/A | 7.2 HIGH |
| Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/manage_request. | |||||
| CVE-2022-43355 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-01 | N/A | 7.2 HIGH |
| Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_service. | |||||
| CVE-2022-3254 | 1 Awpcp | 1 Another Wordpress Classifieds Plugin | 2022-11-01 | N/A | 9.8 CRITICAL |
| The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection. | |||||
| CVE-2022-43168 | 1 Rukovoditel | 1 Rukovoditel | 2022-11-01 | N/A | 9.8 CRITICAL |
| Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. | |||||
| CVE-2022-40352 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2022-10-31 | N/A | 7.2 HIGH |
| Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php. | |||||
| CVE-2021-36898 | 1 Expresstech | 1 Quiz And Survey Master | 2022-10-31 | N/A | 7.2 HIGH |
| Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. | |||||
| CVE-2022-3300 | 1 10web | 1 Form Maker | 2022-10-29 | N/A | 7.2 HIGH |
| The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
| CVE-2022-1014 | 1 Labarta | 1 Wp Contacts Manager | 2022-10-29 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability. | |||||
| CVE-2022-22524 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2022-10-28 | N/A | 9.4 CRITICAL |
| In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services. | |||||
| CVE-2022-22389 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2022-10-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740. | |||||
