Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41391 | 1 Ocomon Project | 1 Ocomon | 2022-10-16 | N/A | 9.8 CRITICAL |
OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php. | |||||
CVE-2022-42064 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-10-14 | N/A | 9.8 CRITICAL |
Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell. | |||||
CVE-2022-3495 | 1 Simple Online Public Access Catalog Project | 1 Simple Online Public Access Catalog | 2022-10-14 | N/A | 7.2 HIGH |
A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. This vulnerability affects unknown code of the file /opac/Actions.php?a=login of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210784. | |||||
CVE-2022-41403 | 1 Newsletter Subscribe (popup + Regular Module) Project | 1 Newsletter Subscribe (popup + Regular Module) | 2022-10-14 | N/A | 9.8 CRITICAL |
OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter. | |||||
CVE-2022-3467 | 1 Jiusi | 1 Jiusi Oa | 2022-10-14 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical was found in Jiusi OA. Affected by this vulnerability is an unknown functionality of the file /jsoa/hntdCustomDesktopActionContent. The manipulation of the argument inforid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-210709 was assigned to this vulnerability. | |||||
CVE-2022-3473 | 1 Human Resource Management System Project | 1 Human Resource Management System | 2022-10-14 | N/A | 6.5 MEDIUM |
A vulnerability classified as critical has been found in SourceCodester Human Resource Management System. This affects an unknown part of the file getstatecity.php. The manipulation of the argument ci leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-210717 was assigned to this vulnerability. | |||||
CVE-2022-0836 | 1 Semadatacoop | 1 Sema Api | 2022-10-14 | 7.5 HIGH | 9.8 CRITICAL |
The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL injections exploitable by unauthenticated users. | |||||
CVE-2022-3471 | 1 Human Resource Management System Project | 1 Human Resource Management System | 2022-10-13 | N/A | 4.9 MEDIUM |
A vulnerability was found in SourceCodester Human Resource Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file city.php. The manipulation of the argument searccity leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210715. | |||||
CVE-2022-3472 | 1 Human Resource Management System Project | 1 Human Resource Management System | 2022-10-13 | N/A | 4.9 MEDIUM |
A vulnerability was found in SourceCodester Human Resource Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file city.php. The manipulation of the argument cityedit leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210716. | |||||
CVE-2022-3470 | 1 Human Resource Management System Project | 1 Human Resource Management System | 2022-10-13 | N/A | 6.5 MEDIUM |
A vulnerability was found in SourceCodester Human Resource Management System. It has been classified as critical. Affected is an unknown function of the file getstatecity.php. The manipulation of the argument sc leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210714 is the identifier assigned to this vulnerability. | |||||
CVE-2022-41532 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2022-10-13 | N/A | 7.2 HIGH |
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_plan. | |||||
CVE-2022-41530 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2022-10-13 | N/A | 7.2 HIGH |
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower. | |||||
CVE-2022-41407 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2022-10-13 | N/A | 7.2 HIGH |
Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. | |||||
CVE-2022-41408 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2022-10-13 | N/A | 9.8 CRITICAL |
Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. | |||||
CVE-2022-37208 | 1 Jflyfox | 1 Jfinal Cms | 2022-10-13 | N/A | 8.8 HIGH |
JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | |||||
CVE-2022-20351 | 1 Google | 1 Android | 2022-10-12 | N/A | 5.5 MEDIUM |
In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-224771921 | |||||
CVE-2022-29007 | 1 Dairy Farm Shop Management System Project | 1 Dairy Farm Shop Management System | 2022-10-11 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allow attackers to bypass authentication. | |||||
CVE-2022-29006 | 1 Directory Management System Project | 1 Directory Management System | 2022-10-11 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allow attackers to bypass authentication. | |||||
CVE-2022-42230 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Managment System | 2022-10-11 | N/A | 7.2 HIGH |
Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=. | |||||
CVE-2022-36635 | 1 Zkteco | 1 Zkbiosecurity V5000 | 2022-10-11 | N/A | 8.8 HIGH |
ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do. |