Total: 9311 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40834 | 1 Codeigniter | 1 Codeigniter | 2022-10-07 | N/A | 9.8 CRITICAL |
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like() function. | |||||
CVE-2022-40835 | 1 Codeigniter | 1 Codeigniter | 2022-10-07 | N/A | 9.8 CRITICAL |
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php. | |||||
CVE-2021-35234 | 1 Solarwinds | 1 Orion Platform | 2022-10-07 | 6.5 MEDIUM | 8.8 HIGH |
Numerous exposed dangerous functions within Orion Core allow for read-only SQL injection leading to privilege escalation. An attacker with low-user privileges may steal password hashes and password salt information. | |||||
CVE-2022-40872 | 1 Simple E-learning System Project | 1 Simple E-learning System | 2022-10-07 | N/A | 9.8 CRITICAL |
An SQL injection vulnerability was discovered in Sourcecodester Simple E-Learning System 1.0, in the classCode parameter of /vcs/classRoom.php?classCode=. | |||||
CVE-2022-3414 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2022-10-07 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. Affected is an unknown function of the file /Admin/login.php of the component POST Parameter Handler. The manipulation of the argument txtusername leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210246 is the identifier assigned to this vulnerability. | |||||
CVE-2022-41355 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2022-10-07 | N/A | 7.2 HIGH |
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /leave_system/classes/Master.php?f=delete_department. | |||||
CVE-2018-5696 | 1 Ijoomla | 1 Ad Agency | 2022-10-07 | 7.5 HIGH | 9.8 CRITICAL |
The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php. | |||||
CVE-2022-28815 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2022-10-07 | N/A | 2.7 LOW |
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service. | |||||
CVE-2022-22794 | 1 Cybonet | 1 Pineapp Mail Secure | 2022-10-06 | 7.5 HIGH | 9.8 CRITICAL |
Cybonet - PineApp Mail Relay unauthenticated SQL injection. An attacker can send a request to /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1, /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1, /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 or /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and, by doing that, can achieve remote code execution in a one-liner. | |||||
CVE-2020-27733 | 1 Zohocorp | 1 Manageengine Applications Manager | 2022-10-06 | 6.5 MEDIUM | 8.8 HIGH |
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. | |||||
CVE-2020-10381 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2022-10-06 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names. | |||||
CVE-2020-13381 | 1 Os4ed | 1 Opensis | 2022-10-06 | 7.5 HIGH | 9.8 CRITICAL |
openSIS through 7.4 allows SQL Injection. | |||||
CVE-2022-33880 | 1 Hospital Management System Mini-project Project | 1 Hospital Management System Mini-project | 2022-10-06 | N/A | 9.8 CRITICAL |
hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter. | |||||
CVE-2022-42250 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Management System | 2022-10-06 | N/A | 7.2 HIGH |
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/inquiries/view_details.php?id=. | |||||
CVE-2022-42249 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Management System | 2022-10-06 | N/A | 7.2 HIGH |
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/view_storage.php?id=. | |||||
CVE-2022-42243 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Management System | 2022-10-06 | N/A | 7.2 HIGH |
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/manage_storage.php?id=. | |||||
CVE-2022-42242 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Management System | 2022-10-06 | N/A | 7.2 HIGH |
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_booking. | |||||
CVE-2022-42241 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Management System | 2022-10-06 | N/A | 7.2 HIGH |
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message. | |||||
CVE-2016-4507 | 1 Bosch | 1 Bladecontrol-webvis | 2022-10-06 | 5.5 MEDIUM | 6.4 MEDIUM |
SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2020-36002 | 1 Seat-reservation-system Project | 1 Seat-reservation-system | 2022-10-06 | 5.0 MEDIUM | 7.5 HIGH |
Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information. |