Total
14524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28009 | 1 Attendance And Payroll System Project | 1 Attendance And Payroll System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\attendance_delete.php. | |||||
CVE-2022-28008 | 1 Attendance And Payroll System Project | 1 Attendance And Payroll System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\attendance_delete.php. | |||||
CVE-2022-28007 | 1 Attendance And Payroll System Project | 1 Attendance And Payroll System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\cashadvance_delete.php. | |||||
CVE-2022-28006 | 1 Attendance And Payroll System Project | 1 Attendance And Payroll System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\employee_delete.php. | |||||
CVE-2022-28001 | 1 Movie Seat Reservation Project | 1 Movie Seat Reservation | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter. | |||||
CVE-2022-28000 | 1 Car Rental System Project | 1 Car Rental System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter. | |||||
CVE-2022-27992 | 1 Phpgurukul | 1 Zoo Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter. | |||||
CVE-2022-27991 | 1 Online Banking System Project | 1 Online Banking System | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /staff_login.php via the Staff ID and Staff Password parameters. | |||||
CVE-2022-27985 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. | |||||
CVE-2022-27984 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. | |||||
CVE-2022-27962 | 1 Bluecms Project | 1 Bluecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Bluecms 1.6 has a SQL injection vulnerability in the cookie. | |||||
CVE-2022-27927 | 1 Microfinance Management System Project | 1 Microfinance Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter. | |||||
CVE-2022-27908 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. | |||||
CVE-2022-27613 | 1 Synology | 1 Carddav Server | 2024-11-21 | N/A | 8.3 HIGH |
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors. | |||||
CVE-2022-27596 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | N/A | 9.8 CRITICAL |
A vulnerability has been reported to affect QNAP devices running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later; QTS 5.0.1.2234 build 20221201 and later. | |||||
CVE-2022-27485 | 1 Fortinet | 1 Fortisandbox | 2024-11-21 | N/A | 6.5 MEDIUM |
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request. | |||||
CVE-2022-27479 | 1 Apache | 1 Superset | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue. | |||||
CVE-2022-27473 | 1 Roothub Project | 1 Roothub | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely. | |||||
CVE-2022-27472 | 1 Roothub Project | 1 Roothub | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely. | |||||
CVE-2022-27466 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do. |