Vulnerabilities (CVE)

Filtered by CWE-89
Total 15484 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-39323 1 Glpi-project 1 Glpi 2024-11-21 N/A 7.4 HIGH
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST user_token. This issue has been patched, please upgrade to version 10.0.4. As a workaround, disable login with user_token on API Rest.
CVE-2022-39303 1 Ree6 1 Ree6 2024-11-21 N/A 8.1 HIGH
Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Javas PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds.
CVE-2022-39180 1 College Management System Project 1 College Management System 2024-11-21 N/A 9.8 CRITICAL
College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page
CVE-2022-39056 1 Changingtec 1 Rava Certificate Validation System 2024-11-21 N/A 9.8 CRITICAL
RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify and delete database.
CVE-2022-39041 1 Aenrich 1 A\+hrd 2024-11-21 N/A 9.8 CRITICAL
aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.
CVE-2022-38812 1 Aerocms Project 1 Aerocms 2024-11-21 N/A 6.5 MEDIUM
AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter.
CVE-2022-38808 1 Yimihome 1 Ywoa 2024-11-21 N/A 8.8 HIGH
ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface.
CVE-2022-38771 1 Transtek 1 Mojodat Fixed Asset Management 2024-11-21 N/A 9.8 CRITICAL
The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request.
CVE-2022-38637 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 N/A 9.8 CRITICAL
Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page.
CVE-2022-38618 1 Bpcbt 1 Smartvista 2024-11-21 N/A 8.8 HIGH
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf.
CVE-2022-38617 1 Bpcbt 1 Smartvista 2024-11-21 N/A 8.8 HIGH
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.
CVE-2022-38616 1 Bpcbt 1 Smartvista Front-end 2024-11-21 N/A 8.8 HIGH
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf.
CVE-2022-38615 1 Bpcbt 1 Smartvista Front-end 2024-11-21 N/A 8.8 HIGH
SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf.
CVE-2022-38610 1 Garage Management System Project 1 Garage Management System 2024-11-21 N/A 7.2 HIGH
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php.
CVE-2022-38606 1 Garage Management System Project 1 Garage Management System 2024-11-21 N/A 7.2 HIGH
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php.
CVE-2022-38605 1 Church Management System Project 1 Church Management System 2024-11-21 N/A 7.2 HIGH
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php.
CVE-2022-38595 1 Church Management System Project 1 Church Management System 2024-11-21 N/A 7.2 HIGH
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php.
CVE-2022-38594 1 Church Management System Project 1 Church Management System 2024-11-21 N/A 7.2 HIGH
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php.
CVE-2022-38576 1 Interview Management System Project 1 Interview Management System 2024-11-21 N/A 7.2 HIGH
Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=deletecand&id=.
CVE-2022-38542 1 Archerydms 1 Archery 2024-11-21 N/A 9.8 CRITICAL
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. The project has released an update, please upgrade to v1.9.0 and above.