Total
15515 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4726 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability classified as critical was found in SourceCodester Sanitization Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-216739. | |||||
| CVE-2022-4592 | 1 Crmx Project | 1 Crmx | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in luckyshot CRMx and classified as critical. This issue affects the function get/save/delete/comment/commentdelete of the file index.php. The manipulation leads to sql injection. The attack may be initiated remotely. The name of the patch is 8c62d274986137d6a1d06958a6f75c3553f45f8f. It is recommended to apply a patch to fix this issue. The identifier VDB-216185 was assigned to this vulnerability. | |||||
| CVE-2022-4566 | 1 Ruoyi | 1 Ruoyi | 2024-11-21 | N/A | 5.5 MEDIUM |
| A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com/ruoyi/generator/controller/GenController. The manipulation leads to sql injection. The name of the patch is 167970e5c4da7bb46217f576dc50622b83f32b40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215975. | |||||
| CVE-2022-4557 | 1 Gruparge | 1 Smartpower | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01. | |||||
| CVE-2022-4454 | 1 M0ver | 1 Bible-online | 2024-11-21 | N/A | 5.5 MEDIUM |
| A vulnerability, which was classified as critical, has been found in m0ver bible-online. Affected by this issue is the function query of the file src/main/java/custom/application/search.java of the component Search Handler. The manipulation leads to sql injection. The name of the patch is 6ef0aabfb2d4ccd53fcaa9707781303af357410e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215444. | |||||
| CVE-2022-4422 | 1 Bulutses | 1 Bulutdesk Callcenter | 2024-11-21 | N/A | 9.8 CRITICAL |
| Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthenticated Sql Injection vulnerability. This has been fixed in the version 3.0 | |||||
| CVE-2022-4416 | 1 Mxsdoc Project | 1 Mxsdoc | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in RainyGao DocSys. It has been declared as critical. This vulnerability affects the function getReposAllUsers of the file /DocSystem/Repos/getReposAllUsers.do. The manipulation of the argument searchWord/reposId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-215278 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4403 | 1 Canteen Management System Project | 1 Canteen Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability classified as critical was found in SourceCodester Canteen Management System. This vulnerability affects unknown code of the file ajax_represent.php. The manipulation of the argument customer_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215272. | |||||
| CVE-2022-4399 | 1 Nodau Project | 1 Nodau | 2024-11-21 | N/A | 5.5 MEDIUM |
| A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215252. | |||||
| CVE-2022-4375 | 1 Mingsoft | 1 Mcms | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215196. | |||||
| CVE-2022-4322 | 1 Maku | 1 Maku-boot | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 446eb7294332efca2bfd791bc37281cedac0d0ff. It is recommended to apply a patch to fix this issue. The identifier VDB-215013 was assigned to this vulnerability. | |||||
| CVE-2022-4290 | 1 Cyr To Lat Project | 1 Cyr To Lat | 2024-11-21 | N/A | 8.8 HIGH |
| The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_sanitize_title' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially allows authenticated users with the ability to add or modify terms or tags to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. A partial patch became available in version 3.6 and the issue was fully patched in version 3.7. | |||||
| CVE-2022-4278 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | N/A | 4.7 MEDIUM |
| A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775. | |||||
| CVE-2022-4277 | 1 Xsjczx | 1 Background Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214774 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4275 | 1 House Rental System Project | 1 House Rental System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771. | |||||
| CVE-2022-4274 | 1 House Rental System Project | 1 House Rental System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214770 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4259 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-11-21 | N/A | 8.8 HIGH |
| Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. | |||||
| CVE-2022-4222 | 1 Canteen Management System Project | 1 Canteen Management System | 2024-11-21 | N/A | 5.0 MEDIUM |
| A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajax_invoice.php of the component POST Request Handler. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214523. | |||||
| CVE-2022-4093 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. This affect 16.0.1 and 16.0.2 only. 16.0.0 or lower, and 16.0.3 or higher are not affected | |||||
| CVE-2022-4088 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214322 is the identifier assigned to this vulnerability. | |||||