Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4161 | 1 Contest-gallery | 1 Contest Gallery | 2023-01-04 | N/A | 6.5 MEDIUM |
| The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_start POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. | |||||
| CVE-2022-4164 | 1 Contest-gallery | 1 Contest Gallery | 2023-01-04 | N/A | 6.5 MEDIUM |
| The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_multiple_files_for_post POST parameter before concatenating it to an SQL query in 0_change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. | |||||
| CVE-2022-4163 | 1 Contest-gallery | 1 Contest Gallery | 2023-01-04 | N/A | 6.5 MEDIUM |
| The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_deactivate and cg_activate POST parameters before concatenating it to an SQL query in 2_deactivate.php and 4_activate.php, respectively. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. | |||||
| CVE-2022-4165 | 1 Contest-gallery | 1 Contest Gallery | 2023-01-04 | N/A | 6.5 MEDIUM |
| The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_order POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. | |||||
| CVE-2022-4166 | 1 Contest-gallery | 1 Contest Gallery | 2023-01-04 | N/A | 6.5 MEDIUM |
| The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4_activate.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. | |||||
| CVE-2022-4117 | 1 Iws-geo-form-fields Project | 1 Iws-geo-form-fields | 2023-01-04 | N/A | 9.8 CRITICAL |
| The IWS WordPress plugin through 1.0 does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection. | |||||
| CVE-2022-4151 | 1 Contest-gallery | 1 Contest Gallery | 2023-01-04 | N/A | 6.5 MEDIUM |
| The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id GET parameter before concatenating it to an SQL query in export-images-data.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. | |||||
| CVE-2022-4150 | 1 Contest-gallery | 1 Contest Gallery | 2023-01-04 | N/A | 6.5 MEDIUM |
| The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. | |||||
| CVE-2022-45889 | 1 Planetestream | 1 Planet Estream | 2023-01-04 | N/A | 7.2 HIGH |
| Planet eStream before 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search (the StatisticsResults.aspx flt parameter). | |||||
| CVE-2022-4739 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2023-01-03 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in SourceCodester School Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Admin Login. The manipulation leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-216775. | |||||
| CVE-2022-4737 | 1 Blood Bank Management System Project | 1 Blood Bank Management System | 2023-01-03 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The identifier VDB-216773 was assigned to this vulnerability. | |||||
| CVE-2022-43860 | 1 Ibm | 1 I | 2022-12-30 | N/A | 4.3 MEDIUM |
| IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305. | |||||
| CVE-2022-43859 | 1 Ibm | 1 I | 2022-12-28 | N/A | 4.3 MEDIUM |
| IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 239304. | |||||
| CVE-2021-4262 | 1 Laravel Jqgrid Project | 1 Laravel Jqgrid | 2022-12-27 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is fbc2d94f43d0dc772767a5bdb2681133036f935e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216271. | |||||
| CVE-2021-4261 | 1 Pacman-canvas Project | 1 Pacman-canvas | 2022-12-27 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in pacman-canvas up to 1.0.5. Affected is the function addHighscore of the file data/db-handler.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is 29522c90ca1cebfce6453a5af5a45281d99b0646. It is recommended to upgrade the affected component. VDB-216270 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-1887 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2022-12-23 | N/A | 9.8 CRITICAL |
| The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101. | |||||
| CVE-2016-20018 | 1 Knexjs | 1 Knex | 2022-12-23 | N/A | 7.5 HIGH |
| Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. | |||||
| CVE-2022-45041 | 1 Rockoa | 1 Xinhu | 2022-12-23 | N/A | 7.5 HIGH |
| SQL Injection exits in xinhu < 2.5.0 | |||||
| CVE-2022-4050 | 1 Beardev | 1 Joomsport | 2022-12-22 | N/A | 9.8 CRITICAL |
| The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users | |||||
| CVE-2022-4592 | 1 Crmx Project | 1 Crmx | 2022-12-22 | N/A | 9.8 CRITICAL |
| A vulnerability was found in luckyshot CRMx and classified as critical. This issue affects the function get/save/delete/comment/commentdelete of the file index.php. The manipulation leads to sql injection. The attack may be initiated remotely. The name of the patch is 8c62d274986137d6a1d06958a6f75c3553f45f8f. It is recommended to apply a patch to fix this issue. The identifier VDB-216185 was assigned to this vulnerability. | |||||