Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41407 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2022-10-13 | N/A | 7.2 HIGH |
| Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. | |||||
| CVE-2022-41408 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2022-10-13 | N/A | 9.8 CRITICAL |
| Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. | |||||
| CVE-2022-37208 | 1 Jflyfox | 1 Jfinal Cms | 2022-10-13 | N/A | 8.8 HIGH |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | |||||
| CVE-2022-20351 | 1 Google | 1 Android | 2022-10-12 | N/A | 5.5 MEDIUM |
| In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-224771921 | |||||
| CVE-2022-42230 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Managment System | 2022-10-11 | N/A | 7.2 HIGH |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-36635 | 1 Zkteco | 1 Zkbiosecurity V5000 | 2022-10-11 | N/A | 8.8 HIGH |
| ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do. | |||||
| CVE-2022-41515 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2022-10-10 | N/A | 7.2 HIGH |
| Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment. | |||||
| CVE-2022-41514 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2022-10-10 | N/A | 7.2 HIGH |
| Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan. | |||||
| CVE-2022-42073 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-10-10 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=. | |||||
| CVE-2022-42074 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-10-10 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=. | |||||
| CVE-2022-41377 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2022-10-10 | N/A | 7.2 HIGH |
| Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category. | |||||
| CVE-2022-41378 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2022-10-10 | N/A | 7.2 HIGH |
| Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory. | |||||
| CVE-2022-41513 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-10-09 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /diagnostic/edittest.php. | |||||
| CVE-2022-27379 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2022-10-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | |||||
| CVE-2022-27378 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2022-10-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | |||||
| CVE-2022-40872 | 1 Simple E-learning System Project | 1 Simple E-learning System | 2022-10-07 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability was discovered in Sourcecodester Simple E-Learning System 1.0 via the classCode parameter at /vcs/classRoom.php?classCode=. | |||||
| CVE-2022-41355 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2022-10-07 | N/A | 7.2 HIGH |
| Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /leave_system/classes/Master.php?f=delete_department. | |||||
| CVE-2018-5696 | 1 Ijoomla | 1 Ad Agency | 2022-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php. | |||||
| CVE-2022-28815 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2022-10-07 | N/A | 2.7 LOW |
| In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service. | |||||
| CVE-2022-22794 | 1 Cybonet | 1 Pineapp Mail Secure | 2022-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| Cybonet PineApp Mail Relay: unauthenticated SQL injection. An attacker can send a request to /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1, /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1, /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 or /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and, by doing so, achieve remote code execution in a one-liner. | |||||
