Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27733 | 1 Zohocorp | 1 Manageengine Applications Manager | 2022-10-07 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. | |||||
| CVE-2020-10381 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2022-10-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names. | |||||
| CVE-2020-13381 | 1 Os4ed | 1 Opensis | 2022-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| openSIS through 7.4 allows SQL Injection. | |||||
| CVE-2022-33880 | 1 Hospital Management System Mini-project Project | 1 Hospital Management System Mini-project | 2022-10-06 | N/A | 9.8 CRITICAL |
| hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter. | |||||
| CVE-2016-4507 | 1 Bosch | 1 Bladecontrol-webvis | 2022-10-06 | 5.5 MEDIUM | 6.4 MEDIUM |
| SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2020-36002 | 1 Seat-reservation-system Project | 1 Seat-reservation-system | 2022-10-06 | 5.0 MEDIUM | 7.5 HIGH |
| Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information. | |||||
| CVE-2019-9204 | 1 Nagios | 1 Incident Manager | 2022-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. | |||||
| CVE-2020-13589 | 1 Rukovoditel | 1 Rukovoditel | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the ‘entities/fields’ page (mulitple_edit or copy_selected or export function) is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability; this can be done either with administrator credentials or through cross-site request forgery. | |||||
| CVE-2020-13588 | 1 Rukovoditel | 1 Rukovoditel | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in the ‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability; this can be done either with administrator credentials or through cross-site request forgery. | |||||
| CVE-2019-9165 | 1 Nagios | 1 Nagios Xi | 2022-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. | |||||
| CVE-2022-29155 | 3 Debian, Netapp, Openldap | 14 Debian Linux, H300s, H300s Firmware and 11 more | 2022-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. | |||||
| CVE-2022-39817 | 1 Nokia | 1 1350 Optical Management System | 2022-10-06 | N/A | 8.8 HIGH |
| In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occur. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. | |||||
| CVE-2022-38542 | 1 Archerydms | 1 Archery | 2022-10-06 | N/A | 9.8 CRITICAL |
| Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. The project has released an update, please upgrade to v1.9.0 and above. | |||||
| CVE-2022-38539 | 1 Archerydms | 1 Archery | 2022-10-06 | N/A | 9.8 CRITICAL |
| Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply. | |||||
| CVE-2022-40887 | 1 Best Student Result Management System Project | 1 Best Student Result Management System | 2022-10-06 | N/A | 9.8 CRITICAL |
| SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection. | |||||
| CVE-2020-12271 | 1 Sophos | 2 Sfos, Xg Firewall | 2022-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords). | |||||
| CVE-2022-0788 | 1 Wpmet | 1 Wp Fundraising Donation And Crowdfunding Platform | 2022-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of its REST routes, leading to an SQL injection exploitable by unauthenticated users. | |||||
| CVE-2022-42302 | 1 Veritas | 1 Netbackup | 2022-10-05 | N/A | 9.8 CRITICAL |
| An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service. | |||||
| CVE-2022-22540 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible. | |||||
| CVE-2021-21936 | 1 Advantech | 1 R-seenet | 2022-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the ‘health_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | |||||
