Total: 14188 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32299 | 1 Youdiancms | 1 Youdiancms | 2022-09-23 | 6.5 MEDIUM | 8.8 HIGH |
| YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php. | |||||
| CVE-2022-32300 | 1 Youdiancms | 1 Youdiancms | 2022-09-23 | 6.5 MEDIUM | 8.8 HIGH |
| YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php. | |||||
| CVE-2022-32301 | 1 Youdiancms | 1 Youdiancms | 2022-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php. | |||||
| CVE-2022-38576 | 1 Interview Management System Project | 1 Interview Management System | 2022-09-21 | N/A | 7.2 HIGH |
| Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=deletecand&id=. | |||||
| CVE-2022-37203 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-21 | N/A | 9.8 CRITICAL |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | |||||
| CVE-2022-38618 | 1 Bpcbt | 1 Smartvista | 2022-09-21 | N/A | 8.8 HIGH |
| SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf. | |||||
| CVE-2022-38617 | 1 Bpcbt | 1 Smartvista | 2022-09-21 | N/A | 8.8 HIGH |
| SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf. | |||||
| CVE-2022-2958 | 1 Badgeos | 1 Badgos | 2022-09-21 | N/A | 8.8 HIGH |
| The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections. | |||||
| CVE-2022-2754 | 1 Ketchup Restaurant Reservations Project | 1 Ketchup Restaurant Reservations | 2022-09-21 | N/A | 9.8 CRITICAL |
| The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks. | |||||
| CVE-2022-40766 | 1 Moderncampus | 1 Omni Cms | 2022-09-21 | N/A | 9.8 CRITICAL |
| Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1 -- - , <?php' substring. | |||||
| CVE-2022-26959 | 1 Globalnorthstar | 1 Northstar Club Management | 2022-09-19 | N/A | 9.8 CRITICAL |
| There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter of the login.jsp page in the /northstar/iphone/ directory. Exploitation of the SQL injection vulnerabilities allows full access to the database which contains critical data for organizations that make full use of the software suite. | |||||
| CVE-2022-37201 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-19 | N/A | 8.8 HIGH |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection. | |||||
| CVE-2022-35947 | 1 Glpi-project | 1 Glpi | 2022-09-19 | N/A | 9.8 CRITICAL |
| GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions have been found to be vulnerable to a SQL injection attack which an attacker could leverage to simulate an arbitrary user login. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should disable the `Enable login with external token` API configuration. | |||||
| CVE-2022-35946 | 1 Glpi-project | 1 Glpi | 2022-09-19 | N/A | 6.5 MEDIUM |
| GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used to access low-level API of Plugin class. An attacker can, for instance, alter database data. Attacker must have "General setup" update rights to be able to perform this attack. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should remove the `front/plugin.form.php` script. | |||||
| CVE-2022-37207 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-18 | N/A | 8.8 HIGH |
| JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | |||||
| CVE-2022-35193 | 1 Testlink | 1 Testlink | 2022-09-17 | N/A | 7.2 HIGH |
| TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php. | |||||
| CVE-2022-38808 | 1 Yimihome | 1 Ywoa | 2022-09-17 | N/A | 8.8 HIGH |
| ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface. | |||||
| CVE-2022-38771 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2022-09-17 | N/A | 9.8 CRITICAL |
| The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request. | |||||
| CVE-2022-38595 | 1 Church Management System Project | 1 Church Management System | 2022-09-16 | N/A | 7.2 HIGH |
| Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php. | |||||
| CVE-2022-38594 | 1 Church Management System Project | 1 Church Management System | 2022-09-16 | N/A | 7.2 HIGH |
| Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php. | |||||
