Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3802 | 1 Ibax | 1 Go-ibax | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability has been found in IBAX go-ibax and classified as critical. This vulnerability affects unknown code of the file /api/v2/open/rowsInfo. The manipulation of the argument where leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212638 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3798 | 1 Ibax | 1 Go-ibax | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability classified as critical has been found in IBAX go-ibax. Affected is an unknown function of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212634 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3760 | 1 Miateknoloji | 1 Mia-med | 2023-11-07 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med.This issue affects Mia-Med: before 1.0.0.58. | |||||
| CVE-2022-3789 | 1 Tim Campus Confession Wall Project | 1 Tim Campus Confession Wall | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in Tim Campus Confession Wall and classified as critical. Affected by this vulnerability is an unknown functionality of the file share.php. The manipulation of the argument post_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212611. | |||||
| CVE-2022-3878 | 1 Maxonerp | 1 Maxon | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file /index.php/purchase_order/browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213039. | |||||
| CVE-2022-3141 | 1 Cozmoslabs | 1 Translatepress | 2023-11-07 | N/A | 8.8 HIGH |
| The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected. | |||||
| CVE-2022-3142 | 1 Basixonline | 1 Nex-forms | 2023-11-07 | N/A | 8.8 HIGH |
| The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin settings. | |||||
| CVE-2022-38074 | 1 Veronalabs | 1 Wp Statistics | 2023-11-07 | N/A | 8.8 HIGH |
| SQL Injection vulnerability in VeronaLabs WP Statistics pluginĀ <= 13.2.10 versions. | |||||
| CVE-2022-36759 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-11-07 | N/A | 9.8 CRITICAL |
| Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=. | |||||
| CVE-2022-33875 | 1 Fortinet | 1 Fortiadc | 2023-11-07 | N/A | 8.8 HIGH |
| An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticatedĀ attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2022-34265 | 1 Djangoproject | 1 Django | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. | |||||
| CVE-2022-31197 | 3 Debian, Fedoraproject, Postgresql | 3 Debian Linux, Fedora, Postgresql Jdbc Driver | 2023-11-07 | N/A | 8.0 HIGH |
| PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application's JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User application that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table name who's column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on the ResultSet. Note that the application's JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-30599 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. | |||||
| CVE-2022-2504 | 1 Sdd-baro Project | 1 Sdd-baro | 2023-11-07 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SDD Computer Software SDD-Baro allows SQL Injection.This issue affects SDD-Baro: before 2.8.432. | |||||
| CVE-2022-2238 | 1 Redhat | 1 Advanced Cluster Management For Kubernetes | 2023-11-07 | N/A | 6.5 MEDIUM |
| A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting. | |||||
| CVE-2022-29650 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. | |||||
| CVE-2022-2017 | 1 Prison Management System Project | 1 Prison Management System | 2023-11-07 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+ leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2018 | 1 Prison Management System Project | 1 Prison Management System | 2023-11-07 | 7.5 HIGH | 7.2 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+ leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-29316 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch. | |||||
| CVE-2022-2577 | 1 Garage Management System Project | 1 Garage Management System | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument id with the input -2'%20UNION%20select%2011,user(),333,444--+ leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||