Total: 11593 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42304 | 1 Veritas | 1 Netbackup | 2022-10-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code. | |||||
| CVE-2022-42303 | 1 Veritas | 1 Netbackup | 2022-10-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302. | |||||
| CVE-2022-41440 | 1 Billing System Project Project | 1 Billing System Project | 2022-10-04 | N/A | 7.2 HIGH |
| Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php. | |||||
| CVE-2022-41439 | 1 Billing System Project Project | 1 Billing System Project | 2022-10-04 | N/A | 7.2 HIGH |
| Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php. | |||||
| CVE-2020-35674 | 1 Bigprof | 1 Online Invoicing System | 2022-10-03 | N/A | 9.8 CRITICAL |
| BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). An unauthenticated attacker is able to send a request containing a crafted payload that can result in sensitive information being extracted from the database, eventually leading into an application takeover. This vulnerability was introduced as a result of the developer trying to roll their own sanitization implementation in order to allow the application to be used in legacy environments. | |||||
| CVE-2022-36201 | 1 Doctor's Appointment System Project | 1 Doctor's Appointment System | 2022-10-01 | N/A | 9.8 CRITICAL |
| Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php. | |||||
| CVE-2022-38118 | 1 Hgiga | 1 Oaklouds Portal | 2022-10-01 | N/A | 8.8 HIGH |
| OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service. | |||||
| CVE-2020-5515 | 1 Gilacms | 1 Gila Cms | 2022-09-30 | 6.5 MEDIUM | 7.2 HIGH |
| Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. | |||||
| CVE-2022-31367 | 1 Strapi | 1 Strapi | 2022-09-30 | N/A | 8.8 HIGH |
| Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses. | |||||
| CVE-2021-45788 | 1 Metersphere | 1 Metersphere | 2022-09-30 | N/A | 8.8 HIGH |
| Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter. | |||||
| CVE-2022-37209 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-29 | N/A | 8.8 HIGH |
| JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | |||||
| CVE-2022-3323 | 1 Advantech | 1 Iview | 2022-09-29 | N/A | 7.5 HIGH |
| An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password. | |||||
| CVE-2022-27381 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2022-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | |||||
| CVE-2022-27384 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2022-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | |||||
| CVE-2022-27386 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2022-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. | |||||
| CVE-2022-41570 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2022-09-28 | N/A | 9.8 CRITICAL |
| An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur. | |||||
| CVE-2022-40877 | 1 Exam Reviewer Management System Project | 1 Exam Reviewer Management System | 2022-09-28 | N/A | 9.8 CRITICAL |
| Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter. | |||||
| CVE-2022-40354 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2022-09-28 | N/A | 7.2 HIGH |
| Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php. | |||||
| CVE-2022-40353 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2022-09-28 | N/A | 7.2 HIGH |
| Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php. | |||||
| CVE-2021-41433 | 1 Resumes Management And Job Application Website Application Project | 1 Resumes Management And Job Application Website Application | 2022-09-28 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php. | |||||
