Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-10063 | 1 Theradsystem Project | 1 Theradsystem | 2023-01-23 | N/A | 9.8 CRITICAL |
A vulnerability was found in saemorris TheRadSystem and classified as critical. This issue affects the function redirect of the file _login.php. The manipulation of the argument user/pass leads to sql injection. The attack may be initiated remotely. The name of the patch is bfba26bd34af31648a11af35a0bb66f1948752a6. It is recommended to apply a patch to fix this issue. The identifier VDB-218453 was assigned to this vulnerability. | |||||
CVE-2017-20169 | 1 Ton-masterserver Project | 1 Ton-masterserver | 2023-01-23 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, has been found in GGGGGGGG ToN-MasterServer. Affected by this issue is some unknown functionality of the file public_html/irc_updater/svr_request_pub.php. The manipulation leads to sql injection. The name of the patch is 3a4c7e6d51bf95760820e3245e06c6e321a7168a. It is recommended to apply a patch to fix this issue. VDB-218306 is the identifier assigned to this vulnerability. | |||||
CVE-2022-46502 | 1 Online Student Enrollment System Project | 1 Online Student Enrollment System | 2023-01-23 | N/A | 9.8 CRITICAL |
Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php. | |||||
CVE-2015-10041 | 1 Aibattle Project | 1 Aibattle | 2023-01-23 | N/A | 9.8 CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Dovgalyuk AIBattle. Affected is the function sendComments of the file site/procedures.php. The manipulation of the argument text leads to sql injection. The name of the patch is e3aa4d0900167641d41cbccf53909229f00381c9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218304. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2022-46472 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2023-01-23 | N/A | 7.2 HIGH |
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /hss/classes/Users.php?f=delete. | |||||
CVE-2022-46471 | 1 Online Health Care System Project | 1 Online Health Care System | 2023-01-23 | N/A | 9.8 CRITICAL |
Online Health Care System v1.0 was discovered to contain a SQL injection vulnerability via the consulting_id parameter at /healthcare/Admin/consulting_detail.php. | |||||
CVE-2022-23694 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-01-23 | N/A | 8.8 HIGH |
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | |||||
CVE-2022-23695 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-01-23 | N/A | 8.8 HIGH |
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | |||||
CVE-2022-23693 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-01-23 | N/A | 8.8 HIGH |
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | |||||
CVE-2022-23692 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-01-23 | N/A | 8.8 HIGH |
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | |||||
CVE-2022-23696 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-01-23 | N/A | 8.8 HIGH |
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | |||||
CVE-2022-48090 | 1 Hotel Management System Project | 1 Hotel Management System | 2023-01-20 | N/A | 6.5 MEDIUM |
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Injection via /app/dao/CustomerDAO.php. | |||||
CVE-2023-0256 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-01-20 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /fos/admin/ajax.php?action=login of the component Login Page. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-218184. | |||||
CVE-2023-0244 | 1 Tuzicms Project | 1 Tuzicms | 2023-01-20 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical was found in TuziCMS 2.0.6. This vulnerability affects the function delall of the file \App\Manage\Controller\KefuController.class.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218152. | |||||
CVE-2023-0245 | 1 Online Flight Booking Management System Project | 1 Online Flight Booking Management System | 2023-01-20 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, has been found in SourceCodester Online Flight Booking Management System. This issue affects some unknown processing of the file add_contestant.php. The manipulation of the argument add_contestant leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218153 was assigned to this vulnerability. | |||||
CVE-2013-10011 | 1 Classroom-engagement-system Project | 1 Classroom-engagement-system | 2023-01-20 | N/A | 9.8 CRITICAL |
A vulnerability was found in aeharding classroom-engagement-system and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. The attack may be launched remotely. The name of the patch is 096de5815c7b414e7339f3439522a446098fb73a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218156. | |||||
CVE-2023-0243 | 1 Tuzicms Project | 1 Tuzicms | 2023-01-20 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical has been found in TuziCMS 2.0.6. This affects the function index of the file App\Manage\Controller\ArticleController.class.php of the component Article Module. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-218151. | |||||
CVE-2023-0254 | 1 Simple-membership-plugin | 1 Simple Membership Wp User Import | 2023-01-20 | N/A | 4.9 MEDIUM |
The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
CVE-2022-46623 | 1 Judging Management System Project | 1 Judging Management System | 2023-01-19 | N/A | 7.8 HIGH |
Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the username parameter. | |||||
CVE-2022-46947 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2023-01-19 | N/A | 7.2 HIGH |
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. |