Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38274 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-13 | N/A | 7.2 HIGH |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list. | |||||
| CVE-2022-38275 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-13 | N/A | 7.2 HIGH |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list. | |||||
| CVE-2022-38276 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-13 | N/A | 7.2 HIGH |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list. | |||||
| CVE-2022-1807 | 1 Sophos | 1 Firewall | 2022-09-12 | N/A | 7.2 HIGH |
| Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. | |||||
| CVE-2022-3130 | 1 Online Driving School Project Project | 1 Online Driving School Project | 2022-09-12 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in codeprojects Online Driving School. This affects an unknown part of the file /login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207873 was assigned to this vulnerability. | |||||
| CVE-2019-5114 | 1 Youphptube | 1 Youphptube | 2022-09-10 | 9.3 HIGH | 9.9 CRITICAL |
| An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and,in certain configuration, access the underlying operating system. | |||||
| CVE-2021-43481 | 1 Webtareas Project | 1 Webtareas | 2022-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php. | |||||
| CVE-2022-27927 | 1 Microfinance Management System Project | 1 Microfinance Management System | 2022-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter. | |||||
| CVE-2022-37185 | 1 Ems Project | 1 Ems | 2022-09-09 | N/A | 7.5 HIGH |
| SQL injection vulnerability exists in the school information query interface (repschoolproj.php) of the EMS 6.2 system of the Office of the Thai Basic Education Commission, which can lead to data leakage. | |||||
| CVE-2022-29058 | 1 Fortinet | 4 Fortiap, Fortiap-s, Fortiap-u and 1 more | 2022-09-09 | N/A | 7.8 HIGH |
| An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | |||||
| CVE-2022-38250 | 1 Nagios | 1 Nagios Xi | 2022-09-09 | N/A | 9.8 CRITICAL |
| Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page. | |||||
| CVE-2022-38255 | 1 Interview Management System Project | 1 Interview Management System | 2022-09-09 | N/A | 7.2 HIGH |
| Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /interview/editQuestion.php. | |||||
| CVE-2022-38260 | 1 Interview Management System Project | 1 Interview Management System | 2022-09-09 | N/A | 7.2 HIGH |
| Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=questiondelete&id=. | |||||
| CVE-2022-3118 | 1 Erp System Project Project | 1 Erp System Project | 2022-09-09 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Sourcecodehero ERP System Project. It has been rated as critical. This issue affects some unknown processing of the file /pages/processlogin.php. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207845 was assigned to this vulnerability. | |||||
| CVE-2022-38812 | 1 Aerocms Project | 1 Aerocms | 2022-09-07 | N/A | 6.5 MEDIUM |
| AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter. | |||||
| CVE-2022-36581 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-09-02 | N/A | 7.5 HIGH |
| Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php. | |||||
| CVE-2022-36636 | 1 Garage Management System Project | 1 Garage Management System | 2022-09-02 | N/A | 8.8 HIGH |
| Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. | |||||
| CVE-2022-36609 | 1 Clinic\'s Patient Management System Project | 1 Clinic\'s Patient Management System | 2022-09-02 | N/A | 9.8 CRITICAL |
| Clinic's Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php. | |||||
| CVE-2022-36594 | 1 Mybatis | 1 Mapper | 2022-09-02 | N/A | 9.8 CRITICAL |
| Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function. | |||||
| CVE-2022-36676 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2022-09-02 | N/A | 7.2 HIGH |
| Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php. | |||||