Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4726 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in SourceCodester Sanitization Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-216739. | |||||
| CVE-2022-4592 | 1 Crmx Project | 1 Crmx | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability was found in luckyshot CRMx and classified as critical. This issue affects the function get/save/delete/comment/commentdelete of the file index.php. The manipulation leads to sql injection. The attack may be initiated remotely. The name of the patch is 8c62d274986137d6a1d06958a6f75c3553f45f8f. It is recommended to apply a patch to fix this issue. The identifier VDB-216185 was assigned to this vulnerability. | |||||
| CVE-2022-4274 | 1 House Rental System Project | 1 House Rental System | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214770 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4403 | 1 Canteen Management System Project | 1 Canteen Management System | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability classified as critical was found in SourceCodester Canteen Management System. This vulnerability affects unknown code of the file ajax_represent.php. The manipulation of the argument customer_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215272. | |||||
| CVE-2022-4290 | 1 Cyr To Lat Project | 1 Cyr To Lat | 2023-11-07 | N/A | 8.8 HIGH |
| The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_sanitize_title' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially allows authenticated users with the ability to add or modify terms or tags to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. A partial patch became available in version 3.6 and the issue was fully patched in version 3.7. | |||||
| CVE-2022-4375 | 1 Mingsoft | 1 Mcms | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215196. | |||||
| CVE-2022-4322 | 1 Maku | 1 Maku-boot | 2023-11-07 | N/A | 7.2 HIGH |
| A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 446eb7294332efca2bfd791bc37281cedac0d0ff. It is recommended to apply a patch to fix this issue. The identifier VDB-215013 was assigned to this vulnerability. | |||||
| CVE-2022-4454 | 1 M0ver | 1 Bible-online | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in m0ver bible-online. Affected by this issue is the function query of the file src/main/java/custom/application/search.java of the component Search Handler. The manipulation leads to sql injection. The name of the patch is 6ef0aabfb2d4ccd53fcaa9707781303af357410e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215444. | |||||
| CVE-2022-4399 | 1 Nodau Project | 1 Nodau | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215252. | |||||
| CVE-2022-4222 | 1 Canteen Management System Project | 1 Canteen Management System | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajax_invoice.php of the component POST Request Handler. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214523. | |||||
| CVE-2022-4416 | 1 Mxsdoc Project | 1 Mxsdoc | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability was found in RainyGao DocSys. It has been declared as critical. This vulnerability affects the function getReposAllUsers of the file /DocSystem/Repos/getReposAllUsers.do. The manipulation of the argument searchWord/reposId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-215278 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4275 | 1 House Rental System Project | 1 House Rental System | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771. | |||||
| CVE-2022-48589 | 1 Sciencelogic | 1 Sl1 | 2023-11-07 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48588 | 1 Sciencelogic | 1 Sl1 | 2023-11-07 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48591 | 1 Sciencelogic | 1 Sl1 | 2023-11-07 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48602 | 1 Sciencelogic | 1 Sl1 | 2023-11-07 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48603 | 1 Sciencelogic | 1 Sl1 | 2023-11-07 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48604 | 1 Sciencelogic | 1 Sl1 | 2023-11-07 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-4012 | 1 Hospital Management Center Project | 1 Hospital Management Center | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Hospital Management Center. Affected is an unknown function of the file patient-info.php. The manipulation of the argument pt_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213786 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-48149 | 1 Online Student Admission System Project | 1 Online Student Admission System | 2023-11-07 | N/A | 9.8 CRITICAL |
| Online Student Admission System in PHP Free Source Code 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | |||||