Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2693 | 1 Electronic Medical Records System Project | 1 Electronic Medical Records System | 2022-08-11 | N/A | 8.8 HIGH |
| A vulnerability has been found in SourceCodester Electronic Medical Records System and classified as critical. This vulnerability affects unknown code of the file register.php of the component UPDATE Statement Handler. The manipulation of the argument pconsultation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205816. | |||||
| CVE-2022-2680 | 1 Church Management System Project | 1 Church Management System | 2022-08-10 | N/A | 8.8 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument username with the input ' OR (SELECT 7064 FROM(SELECT COUNT(*),CONCAT(0x71627a7671,(SELECT (ELT(7064=7064,1))),0x716b707871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- jURL leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205668. | |||||
| CVE-2022-2679 | 1 Interview Management System Project | 1 Interview Management System | 2022-08-10 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /viewReport.php. The manipulation of the argument id with the input (UPDATEXML(9729,CONCAT(0x2e,0x716b707071,(SELECT (ELT(9729=9729,1))),0x7162766a71),7319)) leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205667. | |||||
| CVE-2022-29807 | 1 Quest | 1 Kace Systems Management Appliance | 2022-08-10 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. | |||||
| CVE-2022-2656 | 1 Multi Language Hotel Management Software Project | 1 Multi Language Hotel Management Software | 2022-08-10 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Multi Language Hotel Management Software. Affected is an unknown function. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205596. | |||||
| CVE-2022-34968 | 1 Percona | 1 Percona Server | 2022-08-09 | N/A | 7.5 HIGH |
| An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query. | |||||
| CVE-2022-34871 | 1 Centreon | 1 Centreon | 2022-08-09 | N/A | 7.2 HIGH |
| This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-16335. | |||||
| CVE-2022-34872 | 1 Centreon | 1 Centreon | 2022-08-09 | N/A | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16336. | |||||
| CVE-2022-35864 | 1 Bmc | 1 Track-it\! | 2022-08-09 | N/A | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690. | |||||
| CVE-2022-2272 | 1 Santesoft | 1 Sante Pacs Server | 2022-08-08 | N/A | 9.8 CRITICAL |
| This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the username element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17331. | |||||
| CVE-2022-2643 | 1 Online Admission System Project | 1 Online Admission System | 2022-08-08 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Online Admission System and classified as critical. This vulnerability affects unknown code of the component POST Parameter Handler. The manipulation of the argument shift leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this entry is VDB-205564. | |||||
| CVE-2022-2644 | 1 Online Admission System Project | 1 Online Admission System | 2022-08-08 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Online Admission System and classified as critical. This issue affects some unknown processing of the component GET Parameter Handler. The manipulation of the argument eid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-205565 was assigned to this vulnerability. | |||||
| CVE-2022-2648 | 1 Multi Language Hotel Management Software Project | 1 Multi Language Hotel Management Software | 2022-08-08 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Multi Language Hotel Management Software. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument room_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205595. | |||||
| CVE-2022-22280 | 1 Sonicwall | 2 Analytics, Global Management System | 2022-08-08 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions. | |||||
| CVE-2020-13566 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2022-08-05 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/edit_group.php, when the POST parameter action is “Delete”, the POST parameter delete_group leads to a SQL injection. | |||||
| CVE-2020-13568 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2022-08-05 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is “Submit”, the POST parameter parent_id leads to a SQL injection. | |||||
| CVE-2022-34928 | 1 Jflyfox | 1 Jfinal Cms | 2022-08-05 | N/A | 8.8 HIGH |
| JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user. | |||||
| CVE-2021-1282 | 1 Cisco | 2 Unified Communications Manager, Unified Communications Manager Im And Presence Service | 2022-08-05 | 4.0 MEDIUM | 4.9 MEDIUM |
| Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-27241 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2022-08-05 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-27240 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2022-08-05 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||