Total: 9311 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-43020 | 1 Opencats | 1 Opencats | 2022-10-19 | N/A | 6.5 MEDIUM |
OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function. | |||||
CVE-2022-43022 | 1 Opencats | 1 Opencats | 2022-10-19 | N/A | 6.5 MEDIUM |
OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function. | |||||
CVE-2022-42143 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2022-10-19 | N/A | 7.2 HIGH |
Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php. | |||||
CVE-2022-41498 | 1 Billing System Project | 1 Billing System | 2022-10-19 | N/A | 7.2 HIGH |
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php. | |||||
CVE-2022-42237 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-10-19 | N/A | 9.8 CRITICAL |
A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account. | |||||
CVE-2020-25695 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2022-10-19 | 6.5 MEDIUM | 8.8 HIGH |
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2021-21263 | 1 Laravel | 1 Laravel | 2022-10-19 | 5.0 MEDIUM | 5.3 MEDIUM |
Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results. | |||||
CVE-2022-3583 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-10-18 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument business leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-211192. | |||||
CVE-2022-3584 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-10-18 | N/A | 8.8 HIGH |
A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file edituser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211193 was assigned to this vulnerability. | |||||
CVE-2022-3579 | 1 Cashier Queuing System Project | 1 Cashier Queuing System | 2022-10-18 | N/A | 8.8 HIGH |
A vulnerability classified as critical was found in SourceCodester Cashier Queuing System 1.0. This vulnerability affects unknown code of the file /queuing/login.php of the component Login Page. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-211186 is the identifier assigned to this vulnerability. | |||||
CVE-2022-33171 | 1 Typeorm | 1 Typeorm | 2022-10-18 | 7.5 HIGH | 9.8 CRITICAL |
** DISPUTED ** The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation. | |||||
CVE-2022-41416 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2022-10-18 | N/A | 7.2 HIGH |
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php. | |||||
CVE-2022-3504 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-10-17 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Sanitization Management System and classified as critical. This issue affects some unknown processing of the file /php-sms/?p=services/view_service. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210839. | |||||
CVE-2022-42232 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Management System | 2022-10-17 | N/A | 7.2 HIGH |
Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage. | |||||
CVE-2022-41535 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2022-10-17 | N/A | 7.2 HIGH |
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php. | |||||
CVE-2022-41536 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2022-10-17 | N/A | 7.2 HIGH |
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php. | |||||
CVE-2022-34022 | 1 Resiot | 1 Iot Platform And Lorawan Network Server | 2022-10-17 | N/A | 7.2 HIGH |
SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive. | |||||
CVE-2022-39303 | 1 Ree6 | 1 Ree6 | 2022-10-17 | N/A | 9.8 CRITICAL |
Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Java's PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds. | |||||
CVE-2022-38540 | 1 Archerydms | 1 Archery | 2022-10-16 | N/A | 9.8 CRITICAL |
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface. | |||||
CVE-2022-41390 | 1 Ocomon Project | 1 Ocomon | 2022-10-16 | N/A | 9.8 CRITICAL |
OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php. |