Total
14524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-44378 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2024-11-21 | N/A | 7.2 HIGH |
Automotive Shop Management System v1.0 is vulnerable to SQL injection via /asms/classes/Master.php?f=delete_mechanic. | |||||
CVE-2022-44117 | 1 Boa | 1 Boa | 2024-11-21 | N/A | 9.8 CRITICAL |
Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: this is disputed by multiple third parties because Boa does not ship with any support for SQL. | |||||
CVE-2022-44003 | 1 Backclick | 1 Backclick | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations. | |||||
CVE-2022-43860 | 1 Ibm | 1 I | 2024-11-21 | N/A | 4.3 MEDIUM |
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305. | |||||
CVE-2022-43859 | 1 Ibm | 1 I | 2024-11-21 | N/A | 6.3 MEDIUM |
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 239304. | |||||
CVE-2022-43775 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 9.8 CRITICAL |
The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | |||||
CVE-2022-43774 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 9.8 CRITICAL |
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | |||||
CVE-2022-43709 | 1 Mybb | 1 Mybb | 2024-11-21 | N/A | 4.9 MEDIUM |
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module that allows remote authenticated users to modify the query string via direct user input or stored search filter settings. | |||||
CVE-2022-43672 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671). | |||||
CVE-2022-43671 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. | |||||
CVE-2022-43506 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
CVE-2022-43462 | 1 Ip Blacklist Cloud Project | 1 Ip Blacklist Cloud | 2024-11-21 | N/A | 9.1 CRITICAL |
Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions. | |||||
CVE-2022-43457 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
CVE-2022-43452 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
CVE-2022-43447 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
CVE-2022-43437 | 1 Easy Test Project | 1 Easy Test | 2024-11-21 | N/A | 8.8 HIGH |
The Download function’s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL commands to access, modify or delete the database. | |||||
CVE-2022-43362 | 1 Slims | 1 Senayan Library Management System | 2024-11-21 | N/A | 7.2 HIGH |
Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php. | |||||
CVE-2022-43355 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2024-11-21 | N/A | 7.2 HIGH |
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_service. | |||||
CVE-2022-43354 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2024-11-21 | N/A | 7.2 HIGH |
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/manage_request. | |||||
CVE-2022-43353 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2024-11-21 | N/A | 7.2 HIGH |
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. |