Total: 9311 CVE
CVE | Vendor | Product | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-0507 | Pandorafms | Pandora Fms | 2022-10-27 | 6.5 MEDIUM | 8.8 HIGH | A SQL injection vulnerability was found in the Pandora FMS API. Affected Pandora FMS version range: all NG versions up to OUM 759. This vulnerability could allow an attacker with an authenticated IP to inject SQL.
CVE-2022-36839 | Samsung | Checkout | 2022-10-27 | N/A | 5.5 MEDIUM | SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information.
CVE-2020-15333 | Zyxel | Cloudcnm Secumanager | 2022-10-27 | N/A | 5.3 MEDIUM | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests.
CVE-2022-3246 | Adenion | Blog2social | 2022-10-27 | N/A | 8.8 HIGH | The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as subscribers.
CVE-2022-34265 | Djangoproject | Django | 2022-10-26 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
CVE-2020-17463 | Thedaylightstudio | Fuel Cms | 2022-10-26 | 7.5 HIGH | 9.8 CRITICAL | FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
CVE-2022-3395 | Soflyy | Wp All Export | 2022-10-26 | N/A | 8.8 HIGH | The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the cc_sql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports, but this can be delegated to lower privileged users as well.
CVE-2022-32964 | Omicard Edm Project | Omicard Edm | 2022-10-25 | N/A | 9.8 CRITICAL | OMICARD EDM's API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify or delete the database, or disrupt service.
CVE-2017-20135 | Itechscripts | Dating Script | 2022-10-25 | N/A | 9.8 CRITICAL | A vulnerability classified as critical was found in Itech Dating Script 3.26. Affected by this vulnerability is an unknown functionality of the file /see_more_details.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-3302 | Cleantalk | Spam Protection, Antispam, Firewall | 2022-10-25 | N/A | 7.2 HIGH | The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin.
CVE-2022-42021 | Best Student Result Management System Project | Best Student Result Management System | 2022-10-21 | N/A | 9.8 CRITICAL | Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=.
CVE-2017-20042 | Vendavo | Pricepoint | 2022-10-21 | 6.5 MEDIUM | 8.8 HIGH | A vulnerability has been found in Navetti PricePoint 4.6.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection (Blind). The attack can be launched remotely. Upgrading to version 4.7.0.0 addresses this issue. It is recommended to upgrade the affected component.
CVE-2022-3131 | Codexpert | Search Logger | 2022-10-21 | N/A | 7.2 HIGH | The Search Logger WordPress plugin through 0.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users.
CVE-2022-3243 | Smackcoders | An Ultimate Wordpress Importer Cum Migration As Csv & Xml | 2022-10-20 | N/A | 7.2 HIGH | The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using it in SQL statements, leading to SQL injection exploitable by high privilege users such as admin.
CVE-2022-42218 | Open Source Sacco Management System Project | Open Source Sacco Management System | 2022-10-20 | N/A | 7.2 HIGH | Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_loan.php.
CVE-2022-39056 | Changingtec | Rava Certificate Validation System | 2022-10-20 | N/A | 9.8 CRITICAL | RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify and delete the database.
CVE-2022-3150 | Wp Custom Cursors Project | Wp Custom Cursors | 2022-10-20 | N/A | 7.2 HIGH | The WP Custom Cursors WordPress plugin through 3.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
CVE-2022-3158 | Rockwellautomation | Factorytalk Vantagepoint | 2022-10-20 | N/A | 8.8 HIGH | Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30 and 8.31 contain an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server.
CVE-2022-43022 | Opencats | Opencats | 2022-10-19 | N/A | 6.5 MEDIUM | OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function.
CVE-2022-43020 | Opencats | Opencats | 2022-10-19 | N/A | 6.5 MEDIUM | OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function.
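Two patterns recur in the listing above: an untrusted value concatenated into a WHERE clause (the `id=`, `nid=` and `tag_id` entries) and an untrusted identifier, such as a column name or a Trunc()/Extract() kind, interpolated into the statement where a placeholder cannot bind it (the FUEL CMS `col` parameter, the Django entry, and the Navetti blind case). The example below is added here and is not code from any product in the listing. It runs both patterns against an in-memory SQLite database with constructed rows, including a blind extraction through an ORDER BY clause, beside the fix for each: a type check plus a bound parameter for values, and an allow-list for identifiers. The table, column, username and hash value are assumptions.

```python
"""Value-position vs identifier-position SQL injection, with the fix for each.

Added example; uses sqlite3 with constructed data. Table, column and user
names are assumptions, not taken from any product in the CVE listing.
"""
import sqlite3

# Constructed sample rows. Names deliberately do not sort in id order so that
# ORDER BY id (1,2,3) and ORDER BY name (2,3,1) are distinguishable.
ITEMS = [(1, "carol", "published"), (2, "alice", "draft"), (3, "bob", "published")]
USERS = [("admin", "5f4dcc3b5aa765d61d8327deb882cf99")]  # constructed hash value

# Allow-list for identifier-position input. Placeholders cannot bind a column
# name or a function kind, so an allow-list is the fix for that position.
ALLOWED_SORT_COLUMNS = {"id", "name", "status"}
HEX = "0123456789abcdef"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER, name TEXT, status TEXT)")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?, ?)", ITEMS)
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


# --- value position: the ?id= / ?nid= / tag_id pattern ---------------------

def item_by_id_vulnerable(conn, item_id):
    # Untrusted string concatenated into the statement: "2 OR 1=1" returns
    # every row.
    return conn.execute("SELECT id, name FROM items WHERE id = " + item_id).fetchall()


def item_by_id_safe(conn, item_id):
    # Reject anything that is not an integer, then bind the value; a bound
    # parameter can never change the structure of the statement.
    return conn.execute(
        "SELECT id, name FROM items WHERE id = ?", (int(item_id),)
    ).fetchall()


# --- identifier position: the col= / Trunc kind pattern --------------------

def items_sorted_vulnerable(conn, col):
    # The sort key is interpolated as an identifier; any expression works here.
    return [r[0] for r in conn.execute(f"SELECT id FROM items ORDER BY {col}")]


def items_sorted_safe(conn, col):
    # Same query, but only a known column name is allowed through.
    if col not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"sort column not allowed: {col!r}")
    return [r[0] for r in conn.execute(f"SELECT id FROM items ORDER BY {col}")]


def blind_extract(conn, length, sort_fn=items_sorted_vulnerable):
    """Recover the first `length` characters of admin's password_hash one
    character at a time, using only the returned sort order as the oracle:
    the CASE sorts by id when the guess is right and by name when it is wrong.
    """
    recovered = ""
    for pos in range(1, length + 1):
        for guess in HEX:
            payload = (
                "(CASE WHEN (SELECT substr(password_hash, %d, 1) FROM users "
                "WHERE username = 'admin') = '%s' THEN id ELSE name END)"
                % (pos, guess)
            )
            if sort_fn(conn, payload) == [1, 2, 3]:
                recovered += guess
                break
        else:
            raise RuntimeError("no candidate matched at position %d" % pos)
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, id='2 OR 1=1':", item_by_id_vulnerable(db, "2 OR 1=1"))
    print("safe, id='2':", item_by_id_safe(db, "2"))
    print("blind extraction via ORDER BY:", blind_extract(db, 8))
    try:
        items_sorted_safe(db, "name; --")
    except ValueError as exc:
        print("allow-list rejected:", exc)
```

The value-position fix is the one every entry with an `id`-style parameter needed: parse to the expected type and bind. The identifier-position fix is what the Django advisory means by "constrain the lookup name and kind choice to a known safe list"; escaping does not help there because the input is not a string literal.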