Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36701 | 1 Ingredients Stock Management System Project | 1 Ingredients Stock Management System | 2022-08-26 | N/A | 8.8 HIGH |
| Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/view_item.php. | |||||
| CVE-2022-36699 | 1 Ingredients Stock Management System Project | 1 Ingredients Stock Management System | 2022-08-26 | N/A | 8.8 HIGH |
| Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/manage_category.php. | |||||
| CVE-2022-36700 | 1 Ingredients Stock Management System Project | 1 Ingredients Stock Management System | 2022-08-26 | N/A | 8.8 HIGH |
| Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/manage_item.php. | |||||
| CVE-2022-36698 | 1 Ingredients Stock Management System Project | 1 Ingredients Stock Management System | 2022-08-26 | N/A | 8.8 HIGH |
| Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php. | |||||
| CVE-2022-37152 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-08-26 | N/A | 9.8 CRITICAL |
| An issue was discovered in Online Diagnostic Lab Management System 1.0, There is a SQL injection vulnerability via "dob" parameter in "/classes/Users.php?f=save_client" | |||||
| CVE-2022-36682 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2022-08-26 | N/A | 9.8 CRITICAL |
| Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_student. | |||||
| CVE-2022-36683 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2022-08-26 | N/A | 9.8 CRITICAL |
| Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_payment. | |||||
| CVE-2022-36681 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2022-08-26 | N/A | 9.8 CRITICAL |
| Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_account. | |||||
| CVE-2022-36680 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2022-08-26 | N/A | 9.8 CRITICAL |
| Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. | |||||
| CVE-2022-36679 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2022-08-26 | N/A | 9.8 CRITICAL |
| Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user. | |||||
| CVE-2022-36678 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2022-08-26 | N/A | 9.8 CRITICAL |
| Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. | |||||
| CVE-2022-35115 | 1 Icewarp | 1 Webclient Dc2 | 2022-08-25 | N/A | 9.8 CRITICAL |
| IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php. | |||||
| CVE-2022-36394 | 1 Contest-gallery | 1 Contest Gallery | 2022-08-24 | N/A | 8.8 HIGH |
| Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress. | |||||
| CVE-2022-25811 | 1 Transposh | 1 Transposh Wordpress Translation | 2022-08-24 | N/A | 7.2 HIGH |
| The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection | |||||
| CVE-2022-37223 | 1 Jflyfox | 1 Jfinal Cms | 2022-08-24 | N/A | 9.8 CRITICAL |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list. | |||||
| CVE-2022-37199 | 1 Jflyfox | 1 Jfinal Cms | 2022-08-24 | N/A | 9.8 CRITICAL |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list. | |||||
| CVE-2022-35148 | 1 Maccms | 1 Maccms | 2022-08-24 | N/A | 6.5 MEDIUM |
| maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html. | |||||
| CVE-2022-33148 | 1 Wwbn | 1 Avideo | 2022-08-24 | N/A | 8.8 HIGH |
| A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to inject SQL by manipulating the title parameter. | |||||
| CVE-2022-33147 | 1 Wwbn | 1 Avideo | 2022-08-24 | N/A | 8.8 HIGH |
| A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the aVideoEncoder functionality which can be used to add new videos, allowing an attacker to inject SQL by manipulating the videoDownloadedLink or duration parameter. | |||||
| CVE-2022-33149 | 1 Wwbn | 1 Avideo | 2022-08-24 | N/A | 8.8 HIGH |
| A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the CloneSite plugin, allowing an attacker to inject SQL by manipulating the url parameter. | |||||