Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34953 | 1 Phptpoint | 1 Pharmacy Management System | 2022-08-05 | N/A | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getOrderReport.php. | |||||
| CVE-2022-34952 | 1 Phptpoint | 1 Pharmacy Management System | 2022-08-05 | N/A | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edituser.php. | |||||
| CVE-2022-34951 | 1 Phptpoint | 1 Pharmacy Management System | 2022-08-05 | N/A | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php. | |||||
| CVE-2022-34945 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2022-08-04 | N/A | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php. | |||||
| CVE-2022-34946 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2022-08-04 | N/A | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php. | |||||
| CVE-2022-34947 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2022-08-04 | N/A | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editcategory.php. | |||||
| CVE-2022-34948 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2022-08-04 | N/A | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editbrand.php. | |||||
| CVE-2022-34949 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2022-08-04 | N/A | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the email or password parameter at login.php. | |||||
| CVE-2022-34950 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2022-08-04 | N/A | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editproduct.php. | |||||
| CVE-2022-34955 | 1 Pligg | 1 Pligg Cms | 2022-08-04 | N/A | 9.8 CRITICAL |
| Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.php. | |||||
| CVE-2022-34956 | 1 Pligg | 1 Pligg Cms | 2022-08-04 | N/A | 9.8 CRITICAL |
| Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php. | |||||
| CVE-2022-35421 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2022-08-04 | N/A | 7.2 HIGH |
| Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the pname parameter at /admin/operations/packages.php. | |||||
| CVE-2022-35422 | 1 Web Based Quiz System Project | 1 Web Based Quiz System | 2022-08-04 | N/A | 9.8 CRITICAL |
| Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php. | |||||
| CVE-2022-1950 | 1 Kainelabs | 1 Youzify | 2022-08-04 | N/A | 9.8 CRITICAL |
| The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection | |||||
| CVE-2022-34954 | 1 Phptpoint | 1 Pharmacy Management System | 2022-08-04 | N/A | 9.8 CRITICAL |
| Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at invoiceprint.php. | |||||
| CVE-2021-24750 | 1 Wp Visitor Statistics \(real Time Traffic\) Project | 1 Wp Visitor Statistics \(real Time Traffic\) | 2022-08-04 | 6.5 MEDIUM | 8.8 HIGH |
| The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks | |||||
| CVE-2022-0410 | 1 Wp Visitor Statistics Project | 1 Wp Visitor Statistics | 2022-08-04 | 6.5 MEDIUM | 8.8 HIGH |
| The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection | |||||
| CVE-2022-34557 | 1 Barangay Management System Project | 1 Barangay Management System | 2022-08-04 | N/A | 8.8 HIGH |
| Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/permit/permit.php. | |||||
| CVE-2022-27613 | 1 Synology | 1 Carddav Server | 2022-08-03 | N/A | 8.8 HIGH |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors. | |||||
| CVE-2022-36161 | 1 Garage Management System Project | 1 Garage Management System | 2022-08-02 | N/A | 9.8 CRITICAL |
| Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | |||||