Total: 11593 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38509 | 1 Wedding Planner Project | 1 Wedding Planner | 2022-09-22 | N/A | 9.8 CRITICAL |
| Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php. | |||||
| CVE-2022-38619 | 1 Bpcbt | 1 Smartvista Front-end | 2022-09-22 | N/A | 9.8 CRITICAL |
| SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf. | |||||
| CVE-2022-37205 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-22 | N/A | 8.8 HIGH |
| JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | |||||
| CVE-2022-37204 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-21 | N/A | 9.8 CRITICAL |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection. | |||||
| CVE-2022-38576 | 1 Interview Management System Project | 1 Interview Management System | 2022-09-21 | N/A | 7.2 HIGH |
| Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=deletecand&id=. | |||||
| CVE-2022-37203 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-21 | N/A | 9.8 CRITICAL |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | |||||
| CVE-2022-38618 | 1 Bpcbt | 1 Smartvista | 2022-09-21 | N/A | 8.8 HIGH |
| SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf. | |||||
| CVE-2022-38617 | 1 Bpcbt | 1 Smartvista | 2022-09-21 | N/A | 8.8 HIGH |
| SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf. | |||||
| CVE-2022-2958 | 1 Badgeos | 1 Badgos | 2022-09-21 | N/A | 8.8 HIGH |
| The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections. | |||||
| CVE-2022-2754 | 1 Ketchup Restaurant Reservations Project | 1 Ketchup Restaurant Reservations | 2022-09-21 | N/A | 9.8 CRITICAL |
| The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks. | |||||
| CVE-2022-40766 | 1 Moderncampus | 1 Omni Cms | 2022-09-21 | N/A | 9.8 CRITICAL |
| Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1 -- - , <?php' substring. | |||||
| CVE-2022-40300 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2022-09-21 | N/A | 9.8 CRITICAL |
| Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities. | |||||
| CVE-2022-26959 | 1 Globalnorthstar | 1 Northstar Club Management | 2022-09-19 | N/A | 9.8 CRITICAL |
| There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter of the login.jsp page in the /northstar/iphone/ directory. Exploitation of the SQL injection vulnerabilities allows full access to the database, which contains critical data for organizations that make full use of the software suite. | |||||
| CVE-2022-37201 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-19 | N/A | 8.8 HIGH |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection. | |||||
| CVE-2022-35947 | 1 Glpi-project | 1 Glpi | 2022-09-19 | N/A | 9.8 CRITICAL |
| GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions have been found to be vulnerable to a SQL injection attack which an attacker could leverage to simulate an arbitrary user login. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should disable the `Enable login with external token` API configuration. | |||||
| CVE-2022-35946 | 1 Glpi-project | 1 Glpi | 2022-09-19 | N/A | 6.5 MEDIUM |
| GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used to access low-level API of Plugin class. An attacker can, for instance, alter database data. Attacker must have "General setup" update rights to be able to perform this attack. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should remove the `front/plugin.form.php` script. | |||||
| CVE-2022-37207 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-18 | N/A | 8.8 HIGH |
| JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | |||||
| CVE-2022-38878 | 1 School Activity Updates With Sms Notification Project | 1 School Activity Updates With Sms Notification | 2022-09-17 | N/A | 7.2 HIGH |
| School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/event/index.php?view=edit&id=. | |||||
| CVE-2022-35193 | 1 Testlink | 1 Testlink | 2022-09-17 | N/A | 7.2 HIGH |
| TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php. | |||||
| CVE-2022-38808 | 1 Yimihome | 1 Ywoa | 2022-09-17 | N/A | 8.8 HIGH |
| ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface. | |||||
