Total
14524 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39822 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-11-21 | N/A | 8.8 HIGH |
| In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation. | |||||
| CVE-2022-39817 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | N/A | 8.8 HIGH |
| In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. | |||||
| CVE-2022-39323 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 7.4 HIGH |
| GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST user_token. This issue has been patched, please upgrade to version 10.0.4. As a workaround, disable login with user_token on API Rest. | |||||
| CVE-2022-39303 | 1 Ree6 | 1 Ree6 | 2024-11-21 | N/A | 8.1 HIGH |
| Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Javas PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds. | |||||
| CVE-2022-39180 | 1 College Management System Project | 1 College Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page | |||||
| CVE-2022-39179 | 1 College Management System Project | 1 College Management System | 2024-11-21 | N/A | 7.2 HIGH |
| College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file. | |||||
| CVE-2022-39069 | 1 Zte | 1 Zaip-aie | 2024-11-21 | N/A | 5.3 MEDIUM |
| There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content. | |||||
| CVE-2022-39066 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection. | |||||
| CVE-2022-39056 | 1 Changingtec | 1 Rava Certificate Validation System | 2024-11-21 | N/A | 9.8 CRITICAL |
| RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify and delete database. | |||||
| CVE-2022-39041 | 1 Aenrich | 1 A\+hrd | 2024-11-21 | N/A | 9.8 CRITICAL |
| aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. | |||||
| CVE-2022-38878 | 1 School Activity Updates With Sms Notification Project | 1 School Activity Updates With Sms Notification | 2024-11-21 | N/A | 7.2 HIGH |
| School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/event/index.php?view=edit&id=. | |||||
| CVE-2022-38833 | 1 School Activity Updates With Sms Notification Project | 1 School Activity Updates With Sms Notification | 2024-11-21 | N/A | 7.2 HIGH |
| School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/modstudent/index.php?view=view&id=. | |||||
| CVE-2022-38832 | 1 School Activity Updates With Sms Notification Project | 1 School Activity Updates With Sms Notification | 2024-11-21 | N/A | 7.2 HIGH |
| School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/department/index.php?view=edit&id=. | |||||
| CVE-2022-38812 | 1 Aerocms Project | 1 Aerocms | 2024-11-21 | N/A | 6.5 MEDIUM |
| AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter. | |||||
| CVE-2022-38808 | 1 Yimihome | 1 Ywoa | 2024-11-21 | N/A | 8.8 HIGH |
| ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface. | |||||
| CVE-2022-38771 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2024-11-21 | N/A | 9.8 CRITICAL |
| The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request. | |||||
| CVE-2022-38637 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page. | |||||
| CVE-2022-38619 | 1 Bpcbt | 1 Smartvista Front-end | 2024-11-21 | N/A | 9.8 CRITICAL |
| SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf. | |||||
| CVE-2022-38618 | 1 Bpcbt | 1 Smartvista | 2024-11-21 | N/A | 8.8 HIGH |
| SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf. | |||||
| CVE-2022-38617 | 1 Bpcbt | 1 Smartvista | 2024-11-21 | N/A | 8.8 HIGH |
| SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf. | |||||