Total: 14524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28412 | 1 Car Driving School Management System Project | 1 Car Driving School Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Car Driving School Management System v1.0 was discovered to contain a SQL injection vulnerability via /cdsms/classes/Master.php?f=delete_package. | |||||
CVE-2022-28411 | 1 Simple Real Estate Portal System Portal | 1 Simple Real Estate Portal System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/admin/?page=agents/manage_agent. | |||||
CVE-2022-28410 | 1 Simple Real Estate Portal System Project | 1 Simple Real Estate Portal System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Users.php?f=delete_agent. | |||||
CVE-2022-28347 | 2 Debian, Djangoproject | 2 Debian Linux, Django | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name. | |||||
CVE-2022-28346 | 2 Debian, Djangoproject | 2 Debian Linux, Django | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. | |||||
CVE-2022-28163 | 1 Broadcom | 1 Sannav | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands. | |||||
CVE-2022-28132 | | | 2024-11-21 | N/A | 7.2 HIGH |
The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate the database through crafted requests. By exploiting this flaw, attackers can bypass authentication mechanisms, view sensitive information stored in the database, and potentially exfiltrate data. | |||||
CVE-2022-28116 | 1 Online Banking System Project | 1 Online Banking System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | |||||
CVE-2022-28115 | 1 Online Sports Complex Booking Project | 1 Online Sports Complex Booking | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | |||||
CVE-2022-28111 | 1 Pagehelper Project | 1 Pagehelper | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
MyBatis PageHelper v1.x.x-v3.7.0, v4.0.0-v5.0.0, v5.1.0-v5.3.0 was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter. | |||||
CVE-2022-28110 | 1 Hotel Management System Project | 1 Hotel Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page. | |||||
CVE-2022-28105 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php. | |||||
CVE-2022-28099 | 1 Poultry Farm Management System Project | 1 Poultry Farm Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Poultry Farm Management System v1.0 was discovered to contain a SQL injection vulnerability via the Item parameter at /farm/store.php. | |||||
CVE-2022-28080 | 1 Event Management System Project | 1 Event Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the todate parameter. | |||||
CVE-2022-28079 | 1 College Management System Project | 1 College Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter. | |||||
CVE-2022-28060 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. | |||||
CVE-2022-28036 | 1 Thedigitalcraft | 1 Atomcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php | |||||
CVE-2022-28035 | 1 Thedigitalcraft | 1 Atomcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php | |||||
CVE-2022-28034 | 1 Thedigitalcraft | 1 Atomcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_list-sort.php | |||||
CVE-2022-28033 | 1 Thedigitalcraft | 1 Atomcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads.php |