Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28346 | 2 Debian, Djangoproject | 2 Debian Linux, Django | 2022-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. | |||||
| CVE-2022-24407 | 5 Cyrusimap, Debian, Fedoraproject and 2 more | 8 Cyrus-sasl, Debian Linux, Fedora and 5 more | 2022-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. | |||||
| CVE-2022-38541 | 1 Archerydms | 1 Archery | 2022-11-07 | N/A | 9.8 CRITICAL |
| Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface. | |||||
| CVE-2022-42744 | 1 Auieo | 1 Candidats | 2022-11-04 | N/A | 9.8 CRITICAL |
| CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks. | |||||
| CVE-2022-43063 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-11-04 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Users.php?f=delete_client. | |||||
| CVE-2022-43062 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-11-04 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_appointment. | |||||
| CVE-2022-3825 | 1 Huaxiaerp | 1 Huaxia Erp | 2022-11-04 | N/A | 6.5 MEDIUM |
| A vulnerability was found in Huaxia ERP 2.3 and classified as critical. Affected by this issue is some unknown functionality of the component User Management. The manipulation of the argument login leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212792. | |||||
| CVE-2022-3827 | 1 Centreon | 1 Centreon | 2022-11-03 | N/A | 9.8 CRITICAL |
| A vulnerability was found in centreon. It has been declared as critical. This vulnerability affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cg_id leads to sql injection. The attack can be initiated remotely. The name of the patch is 293b10628f7d9f83c6c82c78cf637cbe9b907369. It is recommended to apply a patch to fix this issue. VDB-212794 is the identifier assigned to this vulnerability. | |||||
| CVE-2020-22819 | 1 Mkcms Project | 1 Mkcms | 2022-11-03 | N/A | 9.8 CRITICAL |
| MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter. | |||||
| CVE-2020-22820 | 1 Mkcms Project | 1 Mkcms | 2022-11-03 | N/A | 9.8 CRITICAL |
| MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter. | |||||
| CVE-2020-22818 | 1 Mkcms Project | 1 Mkcms | 2022-11-03 | N/A | 9.8 CRITICAL |
| MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter. | |||||
| CVE-2022-39323 | 1 Glpi-project | 1 Glpi | 2022-11-03 | N/A | 9.8 CRITICAL |
| GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST user_token. This issue has been patched, please upgrade to version 10.0.4. As a workaround, disable login with user_token on API Rest. | |||||
| CVE-2022-3059 | 1 Schoolbox | 1 Schoolbox | 2022-11-03 | N/A | 7.5 HIGH |
| The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL injection it was possible to extract data from the database. | |||||
| CVE-2022-40839 | 1 Ndk-design | 1 Ndkadvancedcustomizationfields | 2022-11-03 | N/A | 7.5 HIGH |
| A SQL injection vulnerability in the height and width parameter in NdkAdvancedCustomizationFields v3.5.0 allows unauthenticated attackers to exfiltrate database data. | |||||
| CVE-2022-3789 | 1 Tim Campus Confession Wall Project | 1 Tim Campus Confession Wall | 2022-11-03 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in Tim Campus Confession Wall and classified as critical. Affected by this vulnerability is an unknown functionality of the file share.php. The manipulation of the argument post_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212611. | |||||
| CVE-2022-43226 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-11-02 | N/A | 8.8 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/?page=appointments/view_appointment. | |||||
| CVE-2022-41551 | 1 Garage Management System Project | 1 Garage Management System | 2022-11-02 | N/A | 7.2 HIGH |
| Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php. | |||||
| CVE-2022-43227 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-11-02 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/admin/?page=appointments/view_appointment. | |||||
| CVE-2022-43066 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-11-02 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Master.php?f=delete_message. | |||||
| CVE-2022-43068 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-11-02 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation. | |||||