Total
14524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42074 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | N/A | 7.2 HIGH |
Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=. | |||||
CVE-2022-42073 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | N/A | 7.2 HIGH |
Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=. | |||||
CVE-2022-42064 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell. | |||||
CVE-2022-42021 | 1 Best Student Result Management System Project | 1 Best Student Result Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=. | |||||
CVE-2022-41892 | 1 Archesproject | 1 Arches | 2024-11-21 | N/A | 8.6 HIGH |
Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds. | |||||
CVE-2022-41775 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
CVE-2022-41773 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | |||||
CVE-2022-41731 | 2 Ibm, Redhat | 2 Watson Knowledge Catalog On Cloud Pak For Data, Openshift | 2024-11-21 | N/A | 8.6 HIGH |
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 237402. | |||||
CVE-2022-41680 | 1 Formalms | 1 Formalms | 2024-11-21 | N/A | 7.6 HIGH |
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'search[value] parameter in the appLms/ajax.server.php?r=mycertificate/getMyCertificates' function in order to dump the entire database. | |||||
CVE-2022-41671 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2024-11-21 | N/A | 7.0 HIGH |
A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | |||||
CVE-2022-41570 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur. | |||||
CVE-2022-41551 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 7.2 HIGH |
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php. | |||||
CVE-2022-41536 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2024-11-21 | N/A | 7.2 HIGH |
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php. | |||||
CVE-2022-41535 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2024-11-21 | N/A | 7.2 HIGH |
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php. | |||||
CVE-2022-41532 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2024-11-21 | N/A | 7.2 HIGH |
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_plan. | |||||
CVE-2022-41530 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2024-11-21 | N/A | 7.2 HIGH |
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower. | |||||
CVE-2022-41515 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2024-11-21 | N/A | 7.2 HIGH |
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment. | |||||
CVE-2022-41514 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2024-11-21 | N/A | 7.2 HIGH |
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan. | |||||
CVE-2022-41513 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | N/A | 7.2 HIGH |
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /diagnostic/edittest.php. | |||||
CVE-2022-41498 | 1 Billing System Project | 1 Billing System | 2024-11-21 | N/A | 7.2 HIGH |
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php. |