Total
14524 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1361 | 1 Cambiumnetworks | 1 Cnmaestro | 2024-11-21 | 5.0 MEDIUM | 7.4 HIGH |
| The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other user’s accounts and devices. | |||||
| CVE-2022-1358 | 1 Cambiumnetworks | 1 Cnmaestro | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
| The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database. | |||||
| CVE-2022-1339 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data | |||||
| CVE-2022-1281 | 1 10web | 1 Photo Gallery | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible. | |||||
| CVE-2022-1277 | 1 Inavitas | 1 Solar Log | 2024-11-21 | N/A | 9.4 CRITICAL |
| Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability. | |||||
| CVE-2022-1258 | 1 Mcafee | 1 Agent | 2024-11-21 | 6.0 MEDIUM | 8.4 HIGH |
| A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server. | |||||
| CVE-2022-1219 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data | |||||
| CVE-2022-1182 | 1 Visual Slide Box Builder Project | 1 Visual Slide Box Builder | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injections | |||||
| CVE-2022-1123 | 1 Mapsmarker | 1 Leaflet Maps Marker | 2024-11-21 | N/A | 7.2 HIGH |
| The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks. | |||||
| CVE-2022-1083 | 1 Microfinance Management System Project | 1 Microfinance Management System | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in Microfinance Management System. The manipulation of arguments like customer_type_number/account_number/account_status_number/account_type_number with the input ' and (select * from(select(sleep(10)))Avx) and 'abc' = 'abc leads to sql injection in multiple files. It is possible to launch the attack remotely. | |||||
| CVE-2022-1082 | 1 Microfinance Management System Project | 1 Microfinance Management System | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been rated as critical. This issue affects the file /mims/login.php of the Login Page. The manipulation of the argument username/password with the input '||1=1# leads to sql injection. The attack may be initiated remotely. | |||||
| CVE-2022-1080 | 1 One Church Management System Project | 1 One Church Management System | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php as the manipulation of the argument search2 leads to sql injection. The attack can be initiated remotely. | |||||
| CVE-2022-1078 | 1 College Website Management System Project | 1 College Website Management System | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admin/?page=articles/view_article/. The manipulation of the argument id with the input ' and (select * from(select(sleep(10)))Avx) and 'abc' = 'abc with an unknown input leads to sql injection. It is possible to launch the attack remotely and without authentication. | |||||
| CVE-2022-1064 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1. | |||||
| CVE-2022-1057 | 1 Varktech | 1 Pricing Deals For Woocommerce | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection | |||||
| CVE-2022-1023 | 1 Secondlinethemes | 1 Podcast Importer Secondline | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file | |||||
| CVE-2022-1014 | 1 Labarta | 1 Wp Contacts Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability. | |||||
| CVE-2022-1013 | 1 Ays-pro | 1 Personal Dictionary | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability. | |||||
| CVE-2022-1006 | 1 Elbtide | 1 Advanced Booking Calendar | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks | |||||
| CVE-2022-0983 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default. | |||||