Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43775 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 9.8 CRITICAL |
| The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | |||||
| CVE-2022-43774 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 9.8 CRITICAL |
| The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | |||||
| CVE-2020-28702 | 1 Pybbs Project | 1 Pybbs | 2022-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information. | |||||
| CVE-2022-36839 | 1 Samsung | 1 Checkout | 2022-10-27 | N/A | 5.5 MEDIUM |
| SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information. | |||||
| CVE-2020-15333 | 1 Zyxel | 1 Cloudcnm Secumanager | 2022-10-27 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests. | |||||
| CVE-2022-3246 | 1 Adenion | 1 Blog2social | 2022-10-27 | N/A | 8.8 HIGH |
| The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers | |||||
| CVE-2020-17463 | 1 Thedaylightstudio | 1 Fuel Cms | 2022-10-26 | 7.5 HIGH | 9.8 CRITICAL |
| FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. | |||||
| CVE-2022-3395 | 1 Soflyy | 1 Wp All Export | 2022-10-26 | N/A | 8.8 HIGH |
| The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the cc_sql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports, but this can be delegated to lower privileged users as well. | |||||
| CVE-2022-32964 | 1 Omicard Edm Project | 1 Omicard Edm | 2022-10-26 | N/A | 9.8 CRITICAL |
| OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service. | |||||
| CVE-2017-20135 | 1 Itechscripts | 1 Dating Script | 2022-10-26 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Itech Dating Script 3.26. Affected by this vulnerability is an unknown functionality of the file /see_more_details.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-3302 | 1 Cleantalk | 1 Spam Protection, Antispam, Firewall | 2022-10-26 | N/A | 7.2 HIGH |
| The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin | |||||
| CVE-2021-24928 | 1 Rearrange Woocommerce Products Project | 1 Rearrange Woocommerce Products | 2022-10-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access controls in the save_all_order AJAX action, nor validation and escaping when inserting user data in SQL statement, leading to an SQL injection, and allowing any authenticated user, such as subscriber, to modify arbitrary post content (for example with an XSS payload), as well as exfiltrate any data by copying it to another post. | |||||
| CVE-2022-42021 | 1 Best Student Result Management System Project | 1 Best Student Result Management System | 2022-10-21 | N/A | 9.8 CRITICAL |
| Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=. | |||||
| CVE-2017-20042 | 1 Vendavo | 1 Pricepoint | 2022-10-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been found in Navetti PricePoint 4.6.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection (Blind). The attack can be launched remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2022-3131 | 1 Codexpert | 1 Search Logger | 2022-10-21 | N/A | 7.2 HIGH |
| The Search Logger WordPress plugin through 0.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users | |||||
| CVE-2022-42218 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2022-10-20 | N/A | 7.2 HIGH |
| Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_loan.php. | |||||
| CVE-2022-39056 | 1 Changingtec | 1 Rava Certificate Validation System | 2022-10-20 | N/A | 9.8 CRITICAL |
| RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify and delete database. | |||||
| CVE-2022-3158 | 1 Rockwellautomation | 1 Factorytalk Vantagepoint | 2022-10-20 | N/A | 8.8 HIGH |
| Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server. | |||||
| CVE-2022-43023 | 1 Opencats | 1 Opencats | 2022-10-20 | N/A | 6.5 MEDIUM |
| OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. | |||||
| CVE-2022-43022 | 1 Opencats | 1 Opencats | 2022-10-20 | N/A | 6.5 MEDIUM |
| OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function. | |||||
