Total: 15484 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-37152 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a SQL injection vulnerability via the "dob" parameter in "/classes/Users.php?f=save_client". | |||||
CVE-2022-37113 | 1 Bluecms Project | 1 Bluecms | 2024-11-21 | N/A | 9.8 CRITICAL |
BlueCMS 1.6 has SQL injection in line 132 of admin/area.php | |||||
CVE-2022-37112 | 1 Bluecms Project | 1 Bluecms | 2024-11-21 | N/A | 9.8 CRITICAL |
BlueCMS 1.6 has SQL injection in line 55 of admin/model.php | |||||
CVE-2022-37111 | 1 Bluecms Project | 1 Bluecms | 2024-11-21 | N/A | 9.8 CRITICAL |
BlueCMS 1.6 has SQL injection in line 132 of admin/article.php | |||||
CVE-2022-36979 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.8 CRITICAL |
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AvalancheDaoSupport class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15493. | |||||
CVE-2022-36976 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.8 CRITICAL |
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15333. | |||||
CVE-2022-36975 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.8 CRITICAL |
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15332. | |||||
CVE-2022-36973 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 8.8 HIGH |
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15329. | |||||
CVE-2022-36972 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.8 CRITICAL |
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15328. | |||||
CVE-2022-36961 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 8.8 HIGH |
A component of Orion Platform was vulnerable to SQL injection; an authenticated attacker could leverage this for privilege escalation or remote code execution. | |||||
CVE-2022-36839 | 1 Samsung | 1 Checkout | 2024-11-21 | N/A | 5.9 MEDIUM |
SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information. | |||||
CVE-2022-36787 | 1 Webvendome Project | 1 Webvendome | 2024-11-21 | N/A | 9.8 CRITICAL |
webvendome - webvendome SQL Injection. SQL injection in the parameter "DocNumber". Request: GET request: /webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE. | |||||
CVE-2022-36759 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL |
Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=. | |||||
CVE-2022-36754 | 1 Oretnom23 | 1 Expense Management System | 2024-11-21 | N/A | 7.2 HIGH |
Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. | |||||
CVE-2022-36750 | 1 Oretnom23 | 1 Clinic's Patient Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/update_user.php?id=. | |||||
CVE-2022-36735 | 1 Library Management System Project | 1 Library Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /admin/delete.php. | |||||
CVE-2022-36734 | 1 Library Management System Project | 1 Library Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /admin/delstu.php. | |||||
CVE-2022-36733 | 1 Library Management System Project | 1 Library Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /admin/del.php. | |||||
CVE-2022-36732 | 1 Library Management System Project | 1 Library Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /librarian/dele.php. | |||||
CVE-2022-36731 | 1 Library Management System Project | 1 Library Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /librarian/delstu.php. |