Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45535 | 1 Aerocms Project | 1 Aerocms | 2022-11-23 | N/A | 4.9 MEDIUM |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information. | |||||
| CVE-2022-44785 | 1 Maggioli | 1 Appalti \& Contratti | 2022-11-23 | N/A | 9.8 CRITICAL |
| An issue was discovered in Appalti & Contratti 9.12.2. The target web applications are subject to multiple SQL Injection vulnerabilities, some of which executable even by unauthenticated users, as demonstrated by the GetListaEnti.do cfamm parameter. | |||||
| CVE-2022-3720 | 1 Awplife | 1 Event Monster | 2022-11-23 | N/A | 7.2 HIGH |
| The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users | |||||
| CVE-2022-45529 | 1 Aerocms Project | 1 Aerocms | 2022-11-23 | N/A | 4.9 MEDIUM |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information. | |||||
| CVE-2022-43215 | 1 Billing System Project | 1 Billing System | 2022-11-23 | N/A | 9.8 CRITICAL |
| Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php. | |||||
| CVE-2022-43214 | 1 Billing System Project | 1 Billing System | 2022-11-23 | N/A | 9.8 CRITICAL |
| Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php. | |||||
| CVE-2022-4093 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-23 | N/A | 9.8 CRITICAL |
| SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. This affect 16.0.1 and 16.0.2 only. 16.0.0 or lower, and 16.0.3 or higher are not affected | |||||
| CVE-2022-43709 | 1 Mybb | 1 Mybb | 2022-11-22 | N/A | 4.9 MEDIUM |
| MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings. | |||||
| CVE-2022-3998 | 1 Scm Project | 1 Scm | 2022-11-22 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in MonikaBrzica scm. This affects an unknown part of the file uredi_korisnika.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213699. | |||||
| CVE-2022-3997 | 1 Scm Project | 1 Scm | 2022-11-22 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as critical, has been found in MonikaBrzica scm. Affected by this issue is some unknown functionality of the file upis_u_bazu.php. The manipulation of the argument email/lozinka/ime/id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-213698 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-38148 | 1 Silverstripe | 1 Framework | 2022-11-21 | N/A | 8.8 HIGH |
| Silverstripe silverstripe/framework through 4.11 allows SQL Injection. | |||||
| CVE-2022-36787 | 1 Webvendome Project | 1 Webvendome | 2022-11-21 | N/A | 9.8 CRITICAL |
| Webvendome - Webvendome SQL Injection. SQL Injection in the Parameter " DocNumber" Request : Get Request : /webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE. | |||||
| CVE-2020-17506 | 1 Articatech | 1 Web Proxy | 2022-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. | |||||
| CVE-2022-42497 | 1 Api2cart | 1 Api2cart Bridge Connector | 2022-11-21 | N/A | 9.8 CRITICAL |
| Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. | |||||
| CVE-2022-4051 | 1 Hostel Searching Project | 1 Hostel Searching Project | 2022-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in Hostel Searching Project and classified as critical. This vulnerability affects unknown code of the file view-property.php. The manipulation of the argument property_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213844. | |||||
| CVE-2022-38538 | 1 Archerydms | 1 Archery | 2022-11-21 | N/A | 9.8 CRITICAL |
| Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module. | |||||
| CVE-2022-44378 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-11-20 | N/A | 7.2 HIGH |
| Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/classes/Master.php?f=delete_mechanic. | |||||
| CVE-2022-44379 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-11-20 | N/A | 7.2 HIGH |
| Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service. | |||||
| CVE-2022-44003 | 1 Backclick | 1 Backclick | 2022-11-20 | N/A | 9.8 CRITICAL |
| An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations. | |||||
| CVE-2022-44415 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-11-19 | N/A | 7.2 HIGH |
| Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/view_mechanic.php?id=. | |||||