Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-46124 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2022-12-16 | N/A | 7.2 HIGH | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=user/manage_user&id=.
CVE-2022-46051 | 1 Aerocms Project | 1 Aerocms | 2022-12-15 | N/A | 7.2 HIGH | The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.
CVE-2022-46047 | 1 Aerocms Project | 1 Aerocms | 2022-12-14 | N/A | 4.9 MEDIUM | AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter.
CVE-2022-3981 | 1 Icegram | 1 Email Subscribers & Newsletters | 2022-12-14 | N/A | 8.8 HIGH | The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as a subscriber.
CVE-2022-3915 | 1 Wedevs | 1 Dokan | 2022-12-14 | N/A | 9.8 CRITICAL | The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
CVE-2022-3925 | 1 Buddybadges Project | 1 Buddybadges | 2022-12-14 | N/A | 7.2 HIGH | The buddybadges WordPress plugin through 1.0.0 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users.
CVE-2022-44790 | 1 Interspire | 1 Email Marketer | 2022-12-14 | N/A | 7.5 HIGH | Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the database if the survey id exists.
CVE-2016-9048 | 1 Processmaker | 1 Processmaker | 2022-12-14 | 6.5 MEDIUM | 7.4 HIGH | Multiple exploitable SQL Injection vulnerabilities exist in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database and user credentials and, in certain setups, access to the underlying operating system.
CVE-2022-4416 | 1 Mxsdoc Project | 1 Mxsdoc | 2022-12-13 | N/A | 8.8 HIGH | A vulnerability was found in RainyGao DocSys. It has been declared as critical. This vulnerability affects the function getReposAllUsers of the file /DocSystem/Repos/getReposAllUsers.do. The manipulation of the argument searchWord/reposId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-215278 is the identifier assigned to this vulnerability.
CVE-2022-4403 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-12-13 | N/A | 8.8 HIGH | A vulnerability classified as critical was found in SourceCodester Canteen Management System. This vulnerability affects unknown code of the file ajax_represent.php. The manipulation of the argument customer_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215272.
CVE-2022-23510 | 1 Cube | 1 Cube.js | 2022-12-13 | N/A | 8.8 HIGH | cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade to 0.31.24 or to downgrade to 0.31.22. There are no known workarounds for this vulnerability.
CVE-2022-4399 | 1 Nodau Project | 1 Nodau | 2022-12-13 | N/A | 9.8 CRITICAL | A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215252.
CVE-2022-28111 | 1 Pagehelper Project | 1 Pagehelper | 2022-12-12 | 7.5 HIGH | 9.8 CRITICAL | MyBatis PageHelper v1.x.x-v3.7.0, v4.0.0-v5.0.0, v5.1.0-v5.3.0 was discovered to contain a time-based blind SQL injection vulnerability via the orderBy parameter.
CVE-2022-4375 | 1 Mingsoft | 1 Mcms | 2022-12-12 | N/A | 9.8 CRITICAL | A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215196.
CVE-2022-44838 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-12-12 | N/A | 7.2 HIGH | Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /services/view_service.php.
CVE-2019-4147 | 1 Ibm | 1 Sterling File Gateway | 2022-12-09 | 6.5 MEDIUM | 7.2 HIGH | IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
CVE-2022-3711 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2022-12-09 | N/A | 4.3 MEDIUM | A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA.
CVE-2022-31101 | 1 Prestashop | 1 Blockwishlist | 2022-12-09 | 6.5 MEDIUM | 8.8 HIGH | prestashop/blockwishlist is a PrestaShop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2022-44393 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-12-08 | N/A | 7.2 HIGH | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=.
CVE-2022-4322 | 1 Maku | 1 Maku-boot | 2022-12-08 | N/A | 7.2 HIGH | A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 446eb7294332efca2bfd791bc37281cedac0d0ff. It is recommended to apply a patch to fix this issue. The identifier VDB-215013 was assigned to this vulnerability.