Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40933 | 1 Online Pet Shop Web Application Project | 1 Online Pet Shop Web Application | 2022-09-22 | N/A | 7.2 HIGH |
Online Pet Shop Web App v1.0 by oretnom23 is vulnerable to SQL injection via /pet_shop/classes/Master.php?f=delete_order,id. | |||||
CVE-2022-40934 | 1 Online Pet Shop Web Application Project | 1 Online Pet Shop Web Application | 2022-09-22 | N/A | 7.2 HIGH |
Online Pet Shop Web App v1.0 is vulnerable to SQL injection via /pet_shop/classes/Master.php?f=delete_sub_category,id. | |||||
CVE-2022-40935 | 1 Online Pet Shop Web Application Project | 1 Online Pet Shop Web Application | 2022-09-22 | N/A | 7.2 HIGH |
Online Pet Shop Web App v1.0 is vulnerable to SQL injection via /pet_shop/classes/Master.php?f=delete_category,id. | |||||
CVE-2022-40026 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2022-09-22 | N/A | 7.2 HIGH |
SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php. | |||||
CVE-2022-40030 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2022-09-22 | N/A | 9.8 CRITICAL |
SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php. | |||||
CVE-2022-23767 | 2 Hanssak, Microsoft | 3 Securegate, Weblink, Windows | 2022-09-22 | N/A | 9.8 CRITICAL |
SecureGate has a SQL injection vulnerability that allows login without a password. A path traversal vulnerability was also identified in file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereby taking over the victim's system. | |||||
CVE-2022-38509 | 1 Wedding Planner Project | 1 Wedding Planner | 2022-09-22 | N/A | 9.8 CRITICAL |
Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php. | |||||
CVE-2022-38619 | 1 Bpcbt | 1 Smartvista Front-end | 2022-09-22 | N/A | 9.8 CRITICAL |
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf. | |||||
CVE-2022-37205 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-21 | N/A | 8.8 HIGH |
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | |||||
CVE-2022-37204 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-21 | N/A | 9.8 CRITICAL |
JFinal CMS 5.1.0 is vulnerable to SQL Injection. | |||||
CVE-2022-38576 | 1 Interview Management System Project | 1 Interview Management System | 2022-09-21 | N/A | 7.2 HIGH |
Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=deletecand&id=. | |||||
CVE-2022-37203 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-21 | N/A | 9.8 CRITICAL |
JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | |||||
CVE-2022-38618 | 1 Bpcbt | 1 Smartvista | 2022-09-21 | N/A | 8.8 HIGH |
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf. | |||||
CVE-2022-2177 | 1 Kayrasoft | 1 Kayrasoft | 2022-09-21 | N/A | 9.8 CRITICAL |
Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. | |||||
CVE-2022-38617 | 1 Bpcbt | 1 Smartvista | 2022-09-21 | N/A | 8.8 HIGH |
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf. | |||||
CVE-2022-3142 | 1 Basixonline | 1 Nex-forms | 2022-09-21 | N/A | 8.8 HIGH |
The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart; by default this is administrators, but it can be configured otherwise via the plugin settings. | |||||
CVE-2022-3141 | 1 Cozmoslabs | 1 Translatepress | 2022-09-21 | N/A | 8.8 HIGH |
The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected. | |||||
CVE-2022-2958 | 1 Badgeos | 1 Badgos | 2022-09-20 | N/A | 8.8 HIGH |
The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated user, leading to SQL injections. | |||||
CVE-2022-2754 | 1 Ketchup Restaurant Reservations Project | 1 Ketchup Restaurant Reservations | 2022-09-20 | N/A | 9.8 CRITICAL |
The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL injection attacks. | |||||
CVE-2022-40766 | 1 Moderncampus | 1 Omni Cms | 2022-09-20 | N/A | 9.8 CRITICAL |
Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1 -- - , <?php' substring. |