Total: 14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37113 | 1 Bluecms Project | 1 Bluecms | 2022-08-24 | N/A | 9.8 CRITICAL |
| Bluecms 1.6 has SQL injection in line 132 of admin/area.php | |||||
| CVE-2022-37112 | 1 Bluecms Project | 1 Bluecms | 2022-08-24 | N/A | 9.8 CRITICAL |
| BlueCMS 1.6 has SQL injection in line 55 of admin/model.php | |||||
| CVE-2022-36030 | 1 Project-nexus Project | 1 Project-nexus | 2022-08-23 | N/A | 9.8 CRITICAL |
| Project-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sanitization of user input. This issue has not yet been patched. Users are advised to restrict user input and to upgrade when a new release becomes available. | |||||
| CVE-2022-2593 | 1 Deliciousbrains | 1 Better Search Replace | 2022-08-23 | N/A | 7.2 HIGH |
| The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks | |||||
| CVE-2022-36606 | 1 Yimihome | 1 Ywoa | 2022-08-23 | N/A | 9.8 CRITICAL |
| Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database. | |||||
| CVE-2022-36605 | 1 Yimihome | 1 Ywoa | 2022-08-23 | N/A | 9.8 CRITICAL |
| Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter. | |||||
| CVE-2022-36578 | 1 Jizhicms | 1 Jizhicms | 2022-08-22 | N/A | 9.8 CRITICAL |
| jizhicms v2.3.1 has SQL injection in the background. | |||||
| CVE-2022-36729 | 1 Library Management System Project | 1 Library Management System | 2022-08-22 | N/A | 9.8 CRITICAL |
| Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /librarian/del.php. | |||||
| CVE-2022-36728 | 1 Library Management System Project | 1 Library Management System | 2022-08-22 | 7.5 HIGH | 9.8 CRITICAL |
| Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php. | |||||
| CVE-2022-36727 | 1 Library Management System Project | 1 Library Management System | 2022-08-22 | N/A | 9.8 CRITICAL |
| Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /staff/delete.php. | |||||
| CVE-2022-25228 | 1 Auieo | 1 Candidats | 2022-08-19 | N/A | 6.5 MEDIUM |
| CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via the 'companyID' parameter | |||||
| CVE-2022-35154 | 1 Shopro | 1 Mall System | 2022-08-19 | N/A | 9.8 CRITICAL |
| Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter. | |||||
| CVE-2022-36722 | 1 Library Management System Project | 1 Library Management System | 2022-08-19 | N/A | 9.8 CRITICAL |
| Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the title parameter at /librarian/history.php. | |||||
| CVE-2022-36725 | 1 Library Management System Project | 1 Library Management System | 2022-08-19 | N/A | 9.8 CRITICAL |
| Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /student/dele.php. | |||||
| CVE-2022-2876 | 1 Student Management System Project | 1 Student Management System | 2022-08-19 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in SourceCodester Student Management System. Affected is an unknown function of the file index.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-206634 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-35121 | 1 Novel-plus Project | 1 Novel-plus | 2022-08-19 | N/A | 9.8 CRITICAL |
| Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java. | |||||
| CVE-2022-35601 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. | |||||
| CVE-2022-35602 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user. | |||||
| CVE-2022-35599 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode. | |||||
| CVE-2022-35606 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode'. | |||||
