Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4012 | 1 Ibm | 2 Bigfix Webui Profile Management, Bigfix Webui Software Distribution | 2022-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 155886. | |||||
| CVE-2022-44277 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-12-03 | N/A | 7.2 HIGH |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product. | |||||
| CVE-2019-4224 | 1 Ibm | 1 Pureapplication System | 2022-12-03 | 6.5 MEDIUM | 8.8 HIGH |
| IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240. | |||||
| CVE-2022-44345 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-12-03 | N/A | 7.2 HIGH |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=quotes/view_quote&id=. | |||||
| CVE-2022-44347 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-12-03 | N/A | 7.2 HIGH |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/view_inquiry&id=. | |||||
| CVE-2022-44348 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-12-03 | N/A | 7.2 HIGH |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_status.php?id=. | |||||
| CVE-2021-37823 | 1 Opencart | 1 Opencart | 2022-12-02 | N/A | 4.9 MEDIUM |
| OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background. | |||||
| CVE-2022-2840 | 1 Zephyr Project Manager Project | 1 Zephyr Project Manager | 2022-12-02 | N/A | 9.8 CRITICAL |
| The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections | |||||
| CVE-2022-43229 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Managment System | 2022-12-02 | N/A | 7.2 HIGH |
| Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php. | |||||
| CVE-2021-24957 | 1 Advanced Page Visit Counter Project | 1 Advanced Page Visit Counter | 2022-12-02 | 6.5 MEDIUM | 8.8 HIGH |
| The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection | |||||
| CVE-2019-4481 | 1 Ibm | 2 Emptoris Contract Management, Emptoris Spend Analysis | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064. | |||||
| CVE-2019-4483 | 1 Ibm | 2 Emptoris Contract Management, Emptoris Spend Analysis | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067. | |||||
| CVE-2022-3865 | 1 Wp User Merger Project | 1 Wp User Merger | 2022-12-02 | N/A | 8.8 HIGH |
| The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin | |||||
| CVE-2022-3848 | 1 Wp User Merger Project | 1 Wp User Merger | 2022-12-02 | N/A | 8.8 HIGH |
| The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin | |||||
| CVE-2022-3849 | 1 Wp User Merger Project | 1 Wp User Merger | 2022-12-02 | N/A | 8.8 HIGH |
| The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin | |||||
| CVE-2022-3768 | 1 Wpsmartcontracts | 1 Wpsmartcontracts | 2022-12-02 | N/A | 8.8 HIGH |
| The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author | |||||
| CVE-2022-3769 | 1 Ujsoftware | 1 Owm Weather | 2022-12-02 | N/A | 8.8 HIGH |
| The OWM Weather WordPress plugin before 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor | |||||
| CVE-2022-4248 | 1 Movie Ticket Booking System Project | 1 Movie Ticket Booking System | 2022-12-02 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Movie Ticket Booking System. This issue affects some unknown processing of the file editBooking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214625 was assigned to this vulnerability. | |||||
| CVE-2022-4247 | 1 Movie Ticket Booking System Project | 1 Movie Ticket Booking System | 2022-12-02 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Movie Ticket Booking System. This vulnerability affects unknown code of the file booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214624. | |||||
| CVE-2022-4222 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-12-01 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajax_invoice.php of the component POST Request Handler. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214523. | |||||