Total
14524 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2422 | 1 Feathersjs | 1 Feathers-sequelize | 2024-11-21 | N/A | 10.0 CRITICAL |
| Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used. | |||||
| CVE-2022-2421 | 1 Socket | 1 Socket.io-parser | 2024-11-21 | N/A | 10.0 CRITICAL |
| Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object. | |||||
| CVE-2022-2315 | 1 Databank | 1 Accreditation Tracking\/presentation Module | 2024-11-21 | N/A | 9.4 CRITICAL |
| Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. | |||||
| CVE-2022-2298 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pms/index.php of the component Login Page. The manipulation of the argument user_name with the input admin' or '1'='1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2272 | 1 Santesoft | 1 Sante Pacs Server | 2024-11-21 | N/A | 9.8 CRITICAL |
| This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the username element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17331. | |||||
| CVE-2022-2269 | 1 Wpwhitesecurity | 1 Website File Changes Monitor | 2024-11-21 | N/A | 9.8 CRITICAL |
| The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manage_options capability (by default admins), leading to an SQL injection | |||||
| CVE-2022-2263 | 1 Online Hotel Booking Project | 1 Online Hotel Booking | 2024-11-21 | 6.5 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in Online Hotel Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file edit_room_cat.php of the component Room Handler. The manipulation of the argument roomname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2262 | 1 Online Hotel Booking Project | 1 Online Hotel Booking | 2024-11-21 | 6.5 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in Online Hotel Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file edit_all_room.php of the component Room Handler. The manipulation of the argument id with the input 2828%27%20AND%20(SELECT%203766%20FROM%20(SELECT(SLEEP(5)))BmIK)%20AND%20%27YLPl%27=%27YLPl leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2238 | 1 Redhat | 1 Advanced Cluster Management For Kubernetes | 2024-11-21 | N/A | 6.5 MEDIUM |
| A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting. | |||||
| CVE-2022-2214 | 1 Library Management System Project | 1 Library Management System | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Library Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /librarian/bookdetails.php. The manipulation of the argument id with the input ' AND (SELECT 9198 FROM (SELECT(SLEEP(5)))iqZA)-- PbtB leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2177 | 1 Kayrasoft | 1 Kayrasoft | 2024-11-21 | N/A | 9.4 CRITICAL |
| Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. | |||||
| CVE-2022-2142 | 1 Advantech | 1 Iview | 2024-11-21 | N/A | 8.1 HIGH |
| The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. | |||||
| CVE-2022-2137 | 1 Advantech | 1 Iview | 2024-11-21 | N/A | 4.9 MEDIUM |
| The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information | |||||
| CVE-2022-2136 | 1 Advantech | 1 Iview | 2024-11-21 | N/A | 8.8 HIGH |
| The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. | |||||
| CVE-2022-2135 | 1 Advantech | 1 Iview | 2024-11-21 | N/A | 7.5 HIGH |
| The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. | |||||
| CVE-2022-2086 | 1 Bank Management System Project | 1 Bank Management System | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in SourceCodester Bank Management System 1.0. Affected by this issue is login.php. The manipulation of the argument password with the input 1'and 1=2 union select 1,sleep(10),3,4,5 --+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2067 | 1 Rosariosis | 1 Rosariosis | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. | |||||
| CVE-2022-2018 | 1 Prison Management System Project | 1 Prison Management System | 2024-11-21 | 7.5 HIGH | 4.7 MEDIUM |
| A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+ leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2017 | 1 Prison Management System Project | 1 Prison Management System | 2024-11-21 | 6.5 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+ leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-29995 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=clients/manage_client&id=. | |||||