Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34652 | 1 Wwbn | 1 Avideo | 2022-08-24 | N/A | 8.8 HIGH |
| A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to inject SQL by manipulating the description parameter. | |||||
| CVE-2022-2842 | 1 Gym Management System Project | 1 Gym Management System | 2022-08-24 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-206451. | |||||
| CVE-2022-37113 | 1 Bluecms Project | 1 Bluecms | 2022-08-24 | N/A | 9.8 CRITICAL |
| Bluecms 1.6 has SQL injection in line 132 of admin/area.php | |||||
| CVE-2022-37111 | 1 Bluecms Project | 1 Bluecms | 2022-08-24 | N/A | 9.8 CRITICAL |
| BlueCMS 1.6 has SQL injection in line 132 of admin/article.php | |||||
| CVE-2022-37112 | 1 Bluecms Project | 1 Bluecms | 2022-08-24 | N/A | 9.8 CRITICAL |
| BlueCMS 1.6 has SQL injection in line 55 of admin/model.php | |||||
| CVE-2022-36030 | 1 Project-nexus Project | 1 Project-nexus | 2022-08-23 | N/A | 9.8 CRITICAL |
| Project-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sensitization of user input. This issue has not yet been patched. Users are advised to restrict user input and to upgrade when a new release becomes available. | |||||
| CVE-2022-2593 | 1 Deliciousbrains | 1 Better Search Replace | 2022-08-23 | N/A | 7.2 HIGH |
| The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks | |||||
| CVE-2022-36606 | 1 Yimihome | 1 Ywoa | 2022-08-23 | N/A | 9.8 CRITICAL |
| Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database. | |||||
| CVE-2022-36605 | 1 Yimihome | 1 Ywoa | 2022-08-23 | N/A | 9.8 CRITICAL |
| Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter. | |||||
| CVE-2022-36198 | 1 Bus Pass Management System Project | 1 Bus Pass Management System | 2022-08-23 | N/A | 9.8 CRITICAL |
| Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php | |||||
| CVE-2022-36578 | 1 Jizhicms | 1 Jizhicms | 2022-08-22 | N/A | 9.8 CRITICAL |
| jizhicms v2.3.1 has SQL injection in the background. | |||||
| CVE-2022-36729 | 1 Library Management System Project | 1 Library Management System | 2022-08-22 | N/A | 9.8 CRITICAL |
| Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /librarian/del.php. | |||||
| CVE-2022-36728 | 1 Library Management System Project | 1 Library Management System | 2022-08-22 | 7.5 HIGH | 9.8 CRITICAL |
| Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php. | |||||
| CVE-2022-36727 | 1 Library Management System Project | 1 Library Management System | 2022-08-22 | N/A | 9.8 CRITICAL |
| Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /staff/delete.php. | |||||
| CVE-2022-25228 | 1 Auieo | 1 Candidats | 2022-08-19 | N/A | 6.5 MEDIUM |
| CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via the 'companyID' parameter | |||||
| CVE-2022-35154 | 1 Shopro | 1 Mall System | 2022-08-19 | N/A | 9.8 CRITICAL |
| Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter. | |||||
| CVE-2022-36722 | 1 Library Management System Project | 1 Library Management System | 2022-08-19 | N/A | 9.8 CRITICAL |
| Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the title parameter at /librarian/history.php. | |||||
| CVE-2022-36725 | 1 Library Management System Project | 1 Library Management System | 2022-08-19 | N/A | 9.8 CRITICAL |
| Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /student/dele.php. | |||||
| CVE-2022-2876 | 1 Student Management System Project | 1 Student Management System | 2022-08-18 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in SourceCodester Student Management System. Affected is an unknown function of the file index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-206634 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-35121 | 1 Novel-plus Project | 1 Novel-plus | 2022-08-18 | N/A | 9.8 CRITICAL |
| Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java. | |||||