Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43021 | 1 Opencats | 1 Opencats | 2022-10-20 | N/A | 6.5 MEDIUM |
| OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable. | |||||
| CVE-2022-43020 | 1 Opencats | 1 Opencats | 2022-10-20 | N/A | 6.5 MEDIUM |
| OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function. | |||||
| CVE-2022-42143 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2022-10-19 | N/A | 7.2 HIGH |
| Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php. | |||||
| CVE-2022-41498 | 1 Billing System Project | 1 Billing System | 2022-10-19 | N/A | 7.2 HIGH |
| Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php. | |||||
| CVE-2022-42237 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-10-19 | N/A | 9.8 CRITICAL |
| A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account. | |||||
| CVE-2020-25695 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2022-10-19 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2021-21263 | 1 Laravel | 1 Laravel | 2022-10-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results. | |||||
| CVE-2022-41416 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2022-10-18 | N/A | 7.2 HIGH |
| Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php. | |||||
| CVE-2022-41535 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2022-10-17 | N/A | 7.2 HIGH |
| Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php. | |||||
| CVE-2022-41536 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2022-10-17 | N/A | 7.2 HIGH |
| Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php. | |||||
| CVE-2022-34022 | 1 Resiot | 1 Iot Platform And Lorawan Network Server | 2022-10-17 | N/A | 7.2 HIGH |
| SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive. | |||||
| CVE-2022-39303 | 1 Ree6 | 1 Ree6 | 2022-10-17 | N/A | 9.8 CRITICAL |
| Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Java's PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds. | |||||
| CVE-2022-38540 | 1 Archerydms | 1 Archery | 2022-10-17 | N/A | 9.8 CRITICAL |
| Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface. | |||||
| CVE-2022-41390 | 1 Ocomon Project | 1 Ocomon | 2022-10-17 | N/A | 9.8 CRITICAL |
| OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php. | |||||
| CVE-2022-41391 | 1 Ocomon Project | 1 Ocomon | 2022-10-17 | N/A | 9.8 CRITICAL |
| OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php. | |||||
| CVE-2022-42064 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-10-15 | N/A | 9.8 CRITICAL |
| Online Diagnostic Lab Management System version 1.0 is vulnerable to a remote exploit that bypasses login with SQL injection and then uploads a shell. | |||||
| CVE-2022-41403 | 1 Newsletter Subscribe (popup + Regular Module) Project | 1 Newsletter Subscribe (popup + Regular Module) | 2022-10-14 | N/A | 9.8 CRITICAL |
| OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter. | |||||
| CVE-2022-0836 | 1 Semadatacoop | 1 Sema Api | 2022-10-14 | 7.5 HIGH | 9.8 CRITICAL |
| The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL injections exploitable by unauthenticated users. | |||||
| CVE-2022-41532 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2022-10-13 | N/A | 7.2 HIGH |
| Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_plan. | |||||
| CVE-2022-41530 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2022-10-13 | N/A | 7.2 HIGH |
| Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower. | |||||
