Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42924 | 1 Formalms | 1 Formalms | 2022-11-01 | N/A | 6.5 MEDIUM |
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'dyn_filter' parameter in the 'appLms/ajax.adm_server.php?r=widget/userselector/getusertabledata' function in order to dump the entire database. | |||||
CVE-2022-43353 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-01 | N/A | 7.2 HIGH |
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. | |||||
CVE-2022-43355 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-01 | N/A | 7.2 HIGH |
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_service. | |||||
CVE-2022-43354 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-01 | N/A | 7.2 HIGH |
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/manage_request. | |||||
CVE-2022-3254 | 1 Awpcp | 1 Another Wordpress Classifieds Plugin | 2022-11-01 | N/A | 9.8 CRITICAL |
The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection. | |||||
CVE-2022-43168 | 1 Rukovoditel | 1 Rukovoditel | 2022-11-01 | N/A | 9.8 CRITICAL |
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. | |||||
CVE-2022-3732 | 1 Ehoney Project | 1 Ehoney | 2022-10-31 | N/A | 9.8 CRITICAL |
A vulnerability was found in seccome Ehoney and classified as critical. Affected by this issue is some unknown functionality of the file /api/v1/bait/set. The manipulation of the argument Payload leads to sql injection. The attack may be launched remotely. VDB-212414 is the identifier assigned to this vulnerability. | |||||
CVE-2022-3731 | 1 Ehoney Project | 1 Ehoney | 2022-10-31 | N/A | 9.8 CRITICAL |
A vulnerability has been found in seccome Ehoney and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/v1/attack/token. The manipulation of the argument Payload leads to sql injection. The attack can be launched remotely. The identifier VDB-212413 was assigned to this vulnerability. | |||||
CVE-2022-3730 | 1 Ehoney Project | 1 Ehoney | 2022-10-31 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, was found in seccome Ehoney. Affected is an unknown function of the file /api/v1/attack/falco. The manipulation of the argument Payload leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212412. | |||||
CVE-2022-3729 | 1 Ehoney Project | 1 Ehoney | 2022-10-31 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, has been found in seccome Ehoney. This issue affects some unknown processing of the file /api/v1/attack. The manipulation of the argument AttackIP leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212411. | |||||
CVE-2022-40352 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2022-10-31 | N/A | 7.2 HIGH |
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php. | |||||
CVE-2021-36898 | 1 Expresstech | 1 Quiz And Survey Master | 2022-10-31 | N/A | 7.2 HIGH |
Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. | |||||
CVE-2022-3733 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2022-10-31 | N/A | 8.8 HIGH |
A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. This affects an unknown part of the file Admin/edit-admin.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212415. | |||||
CVE-2022-3300 | 1 10web | 1 Form Maker | 2022-10-28 | N/A | 7.2 HIGH |
The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
CVE-2022-43230 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Managment System | 2022-10-28 | N/A | 7.2 HIGH |
Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details. | |||||
CVE-2022-43232 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-10-28 | N/A | 7.2 HIGH |
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchOrderData.php. | |||||
CVE-2022-43233 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-10-28 | N/A | 7.2 HIGH |
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchSelectedUser.php. | |||||
CVE-2022-43228 | 1 Barangay Management System Project | 1 Barangay Management System | 2022-10-28 | N/A | 7.2 HIGH |
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /clearance/clearance.php. | |||||
CVE-2022-39976 | 1 School Activity Updates With Sms Notification Project | 1 School Activity Updates With Sms Notification | 2022-10-28 | N/A | 9.8 CRITICAL |
School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /modules/announcement/index.php?view=edit&id=. | |||||
CVE-2021-38733 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 9.8 CRITICAL |
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php. |