Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33875 | 1 Fortinet | 1 Fortiadc | 2022-12-08 | N/A | 8.8 HIGH |
| An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2022-45010 | 1 Simple Phone Book\/directory Web App Project | 1 Simple Phone Book\/directory Web App | 2022-12-08 | N/A | 9.8 CRITICAL |
| Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /PhoneBook/edit.php. | |||||
| CVE-2022-1552 | 1 Postgresql | 1 Postgresql | 2022-12-07 | N/A | 8.8 HIGH |
| A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. | |||||
| CVE-2022-28813 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2022-12-06 | N/A | 7.5 HIGH |
| In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary database with the current states of the device. | |||||
| CVE-2020-25638 | 4 Debian, Hibernate, Oracle and 1 more | 5 Debian Linux, Hibernate Orm, Communications Cloud Native Core Console and 2 more | 2022-12-06 | 5.8 MEDIUM | 7.4 HIGH |
| A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
| CVE-2022-45019 | 1 Slims | 1 Senayan Library Management System | 2022-12-06 | N/A | 7.5 HIGH |
| SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. | |||||
| CVE-2022-3856 | 1 Inksplat | 1 Comic Book Management System | 2022-12-06 | N/A | 7.2 HIGH |
| The Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. | |||||
| CVE-2022-3858 | 1 Premio | 1 Chaty | 2022-12-06 | N/A | 7.2 HIGH |
| The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin. | |||||
| CVE-2022-3249 | 1 Wp Csv Exporter Project | 1 Wp Csv Exporter | 2022-12-06 | N/A | 7.2 HIGH |
| The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks | |||||
| CVE-2022-45822 | 1 Elbtide | 1 Advanced Booking Calendar | 2022-12-06 | N/A | 9.8 CRITICAL |
| Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. | |||||
| CVE-2022-4274 | 1 House Rental System Project | 1 House Rental System | 2022-12-05 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214770 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4275 | 1 House Rental System Project | 1 House Rental System | 2022-12-05 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771. | |||||
| CVE-2022-4277 | 1 Background Management System Project | 1 Background Management System | 2022-12-05 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214774 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4278 | 1 Human Resource Management System Project | 1 Human Resource Management System | 2022-12-05 | N/A | 7.2 HIGH |
| A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775. | |||||
| CVE-2022-44291 | 1 Webtareas Project | 1 Webtareas | 2022-12-05 | N/A | 9.8 CRITICAL |
| webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. | |||||
| CVE-2022-44290 | 1 Webtareas Project | 1 Webtareas | 2022-12-05 | N/A | 9.8 CRITICAL |
| webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. | |||||
| CVE-2022-44945 | 1 Rukovoditel | 1 Rukovoditel | 2022-12-05 | N/A | 9.8 CRITICAL |
| Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. | |||||
| CVE-2022-2807 | 1 Algan | 1 Prens Student Information System | 2022-12-05 | N/A | 9.8 CRITICAL |
| Algan Yazılım Prens Student Information System product has an unauthenticated SQL Injection vulnerability. | |||||
| CVE-2022-30528 | 1 Isic.lk Project | 1 Isic.lk | 2022-12-05 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php. | |||||
| CVE-2019-4032 | 1 Ibm | 1 Financial Transaction Manager | 2022-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998. | |||||