Total: 14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2698 | 1 Simple E-learning System Project | 1 Simple E-learning System | 2022-08-11 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Simple E-Learning System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument searchPost leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205819. | |||||
| CVE-2022-2697 | 1 Simple E-learning System Project | 1 Simple E-learning System | 2022-08-11 | N/A | 7.5 HIGH |
| A vulnerability was found in SourceCodester Simple E-Learning System. It has been classified as critical. Affected is an unknown function of the file comment_frame.php. The manipulation of the argument post_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205818 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-31659 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2022-08-11 | N/A | 7.2 HIGH |
| VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. | |||||
| CVE-2022-2676 | 1 Electronic Medical Records System Project | 1 Electronic Medical Records System | 2022-08-11 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Electronic Medical Records System and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument user_email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205664. | |||||
| CVE-2022-2677 | 1 Apartment Visitors Management System Project | 1 Apartment Visitors Management System | 2022-08-11 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument username with the input ' AND (SELECT 4955 FROM (SELECT(SLEEP(5)))RSzF) AND 'htiy'='htiy leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205665 was assigned to this vulnerability. | |||||
| CVE-2022-2688 | 1 Expense Management System Project | 1 Expense Management System | 2022-08-11 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component POST Parameter Handler. The manipulation of the argument from/to leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-205811. | |||||
| CVE-2022-2687 | 1 Gym Management System Project | 1 Gym Management System | 2022-08-11 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. Affected is an unknown function. The manipulation of the argument user_pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205734 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-2693 | 1 Electronic Medical Records System Project | 1 Electronic Medical Records System | 2022-08-11 | N/A | 8.8 HIGH |
| A vulnerability has been found in SourceCodester Electronic Medical Records System and classified as critical. This vulnerability affects unknown code of the file register.php of the component UPDATE Statement Handler. The manipulation of the argument pconsultation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205816. | |||||
| CVE-2022-2680 | 1 Church Management System Project | 1 Church Management System | 2022-08-10 | N/A | 8.8 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument username with the input ' OR (SELECT 7064 FROM(SELECT COUNT(*),CONCAT(0x71627a7671,(SELECT (ELT(7064=7064,1))),0x716b707871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- jURL leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205668. | |||||
| CVE-2022-2679 | 1 Interview Management System Project | 1 Interview Management System | 2022-08-10 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /viewReport.php. The manipulation of the argument id with the input (UPDATEXML(9729,CONCAT(0x2e,0x716b707071,(SELECT (ELT(9729=9729,1))),0x7162766a71),7319)) leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205667. | |||||
| CVE-2022-29807 | 1 Quest | 1 Kace Systems Management Appliance | 2022-08-10 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. | |||||
| CVE-2022-2656 | 1 Multi Language Hotel Management Software Project | 1 Multi Language Hotel Management Software | 2022-08-10 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Multi Language Hotel Management Software. Affected is an unknown function. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205596. | |||||
| CVE-2022-34968 | 1 Percona | 1 Percona Server | 2022-08-09 | N/A | 7.5 HIGH |
| An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query. | |||||
| CVE-2022-34871 | 1 Centreon | 1 Centreon | 2022-08-09 | N/A | 7.2 HIGH |
| This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-16335. | |||||
| CVE-2022-34872 | 1 Centreon | 1 Centreon | 2022-08-09 | N/A | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16336. | |||||
| CVE-2022-35864 | 1 Bmc | 1 Track-it! | 2022-08-09 | N/A | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690. | |||||
| CVE-2022-2272 | 1 Santesoft | 1 Sante Pacs Server | 2022-08-08 | N/A | 9.8 CRITICAL |
| This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the username element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17331. | |||||
| CVE-2022-2643 | 1 Online Admission System Project | 1 Online Admission System | 2022-08-08 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Online Admission System and classified as critical. This vulnerability affects unknown code of the component POST Parameter Handler. The manipulation of the argument shift leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this entry is VDB-205564. | |||||
| CVE-2022-2644 | 1 Online Admission System Project | 1 Online Admission System | 2022-08-08 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Online Admission System and classified as critical. This issue affects some unknown processing of the component GET Parameter Handler. The manipulation of the argument eid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-205565 was assigned to this vulnerability. | |||||
| CVE-2022-2648 | 1 Multi Language Hotel Management Software Project | 1 Multi Language Hotel Management Software | 2022-08-08 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Multi Language Hotel Management Software. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument room_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205595. | |||||
