Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30619 | 1 Agilepoint | 1 Agilepoint Nx | 2022-07-14 | 6.5 MEDIUM | 8.8 HIGH |
| Editable SQL Queries behind Base64 encoding sending from the Client-Side to The Server-Side for a particular API used in legacy Work Center module. He attack is available for any authenticated user, in any kind of rule. under the function : /AgilePointServer/Extension/FetchUsingEncodedData in the parameter: EncodedData | |||||
| CVE-2022-26348 | 1 Gallagher | 1 Command Centre | 2022-07-14 | 2.1 LOW | 5.5 MEDIUM |
| Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions. | |||||
| CVE-2022-34877 | 1 Vicidial | 1 Vicidial | 2022-07-13 | 9.0 HIGH | 8.8 HIGH |
| SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. | |||||
| CVE-2022-34878 | 1 Vicidial | 1 Vicidial | 2022-07-13 | 9.0 HIGH | 8.8 HIGH |
| SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. | |||||
| CVE-2022-34876 | 1 Vicidial | 1 Vicidial | 2022-07-13 | 8.5 HIGH | 8.8 HIGH |
| SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. | |||||
| CVE-2022-34972 | 1 So Filter Shop By Project | 1 So Filter Shop By | 2022-07-13 | 7.5 HIGH | 9.8 CRITICAL |
| So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id , manu_value_id , opt_value_id , and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data. | |||||
| CVE-2022-32311 | 1 Ingredient Stock Management System Project | 1 Ingredient Stock Management System | 2022-07-13 | 7.5 HIGH | 9.8 CRITICAL |
| Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php. | |||||
| CVE-2022-31856 | 1 Newsletter Module Project | 1 Newsletter Module | 2022-07-13 | 7.5 HIGH | 9.8 CRITICAL |
| Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php. | |||||
| CVE-2021-44915 | 1 Taogogo | 1 Taocms | 2022-07-12 | 6.5 MEDIUM | 7.2 HIGH |
| Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category. | |||||
| CVE-2021-38176 | 1 Sap | 4 Landscape Transformation, Landscape Transformation Replication Server, S\/4hana and 1 more | 2022-07-12 | 9.0 HIGH | 8.8 HIGH |
| Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. On successful exploitation the threat actor could completely compromise confidentiality, integrity, and availability of the system. | |||||
| CVE-2021-26685 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-07-12 | 5.5 MEDIUM | 6.5 MEDIUM |
| A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database. | |||||
| CVE-2021-41365 | 1 Microsoft | 1 Defender For Iot | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. | |||||
| CVE-2021-42311 | 1 Microsoft | 1 Defender For Iot | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. | |||||
| CVE-2021-32428 | 1 Viaviweb | 1 Ebook | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to api.php. | |||||
| CVE-2022-33128 | 1 Ruijienetworks | 2 Rg-eg350, Rg-eg350 Firmware | 2022-07-11 | 6.4 MEDIUM | 9.1 CRITICAL |
| RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php. | |||||
| CVE-2022-32095 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-07-08 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php. | |||||
| CVE-2022-32094 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-07-08 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php. | |||||
| CVE-2022-31092 | 1 Pimcore | 1 Pimcore | 2022-07-08 | 6.8 MEDIUM | 8.1 HIGH |
| Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there's the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the listing classes. This issue has been resolved in version 10.4.4. Users are advised to upgrade or to apple the patch manually. There are no known workarounds for this issue. | |||||
| CVE-2017-20125 | 1 Bestsoftinc | 1 Online Hotel Booking System | 2022-07-08 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Online Hotel Booking System Pro 1.2. Affected by this vulnerability is an unknown functionality of the file /roomtype-details.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-32093 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-07-08 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php. | |||||