Total: 14188 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13588 | 1 Rukovoditel | 1 Rukovoditel | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in the ‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability; this can be done either with administrator credentials or through cross-site request forgery. | |||||
| CVE-2019-9165 | 1 Nagios | 1 Nagios Xi | 2022-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. | |||||
| CVE-2022-29155 | 3 Debian, Netapp, Openldap | 14 Debian Linux, H300s, H300s Firmware and 11 more | 2022-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. | |||||
| CVE-2022-39817 | 1 Nokia | 1 1350 Optical Management System | 2022-10-06 | N/A | 8.8 HIGH |
| In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occur. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. | |||||
| CVE-2022-38542 | 1 Archerydms | 1 Archery | 2022-10-06 | N/A | 9.8 CRITICAL |
| Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. The project has released an update, please upgrade to v1.9.0 and above. | |||||
| CVE-2022-38539 | 1 Archerydms | 1 Archery | 2022-10-06 | N/A | 9.8 CRITICAL |
| Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply. | |||||
| CVE-2022-42302 | 1 Veritas | 1 Netbackup | 2022-10-05 | N/A | 9.8 CRITICAL |
| An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service. | |||||
| CVE-2022-22540 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but there is no risk of modification. | |||||
| CVE-2021-21936 | 1 Advantech | 1 R-seenet | 2022-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘health_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2022-42304 | 1 Veritas | 1 Netbackup | 2022-10-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code. | |||||
| CVE-2022-42303 | 1 Veritas | 1 Netbackup | 2022-10-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302. | |||||
| CVE-2020-35674 | 1 Bigprof | 1 Online Invoicing System | 2022-10-03 | N/A | 9.8 CRITICAL |
| BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). An unauthenticated attacker is able to send a request containing a crafted payload that can result in sensitive information being extracted from the database, eventually leading into an application takeover. This vulnerability was introduced as a result of the developer trying to roll their own sanitization implementation in order to allow the application to be used in legacy environments. | |||||
| CVE-2022-36201 | 1 Doctor's Appointment System Project | 1 Doctor's Appointment System | 2022-10-01 | N/A | 9.8 CRITICAL |
| Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php. | |||||
| CVE-2022-38118 | 1 Hgiga | 1 Oaklouds Portal | 2022-10-01 | N/A | 8.8 HIGH |
| OAKlouds Portal website’s Meeting Room has insufficient validation of user input. A remote attacker with general user privilege can perform SQL injection to access, modify, or delete the database, perform system operations, and disrupt service. | |||||
| CVE-2020-5515 | 1 Gilacms | 1 Gila Cms | 2022-09-30 | 6.5 MEDIUM | 7.2 HIGH |
| Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. | |||||
| CVE-2021-45788 | 1 Metersphere | 1 Metersphere | 2022-09-30 | N/A | 8.8 HIGH |
| Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter. | |||||
| CVE-2022-27381 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2022-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | |||||
| CVE-2022-27386 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2022-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. | |||||
| CVE-2022-27384 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2022-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | |||||
| CVE-2022-31181 | 1 Prestashop | 1 Prestashop | 2022-09-27 | N/A | 9.8 CRITICAL |
| PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature. | |||||
