Total: 16268 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-47605 | 1 Kunalnagar | 1 Custom 404 Pro | 2024-11-21 | N/A | 8.3 HIGH |
Auth. SQL Injection vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.7.0 versions. | |||||
CVE-2022-47593 | 1 Rapidload | 1 Rapidload Power-up For Autoptimize | 2024-11-21 | N/A | 8.5 HIGH |
Auth. (subscriber+) SQL Injection (SQLi) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize plugin <= 1.6.35 versions. | |||||
CVE-2022-47588 | 1 Tipsandtricks-hq | 1 Simple Photo Gallery | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection. This issue affects Simple Photo Gallery: from n/a through v1.8.1. | |||||
CVE-2022-47586 | 1 Themefic | 1 Ultimate Addons For Contact Form 7 | 2024-11-21 | N/A | 8.2 HIGH |
Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.1.23 versions. | |||||
CVE-2022-47532 | 1 Filerun | 1 Filerun | 2024-11-21 | N/A | 9.8 CRITICAL |
FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users&section=cpanel&page=list request. | |||||
CVE-2022-47445 | 1 Web-x | 1 Be-popia-compliant | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection. This issue affects Be POPIA Compliant: from n/a through 1.2.0. | |||||
CVE-2022-47432 | 1 Kemalyazici | 1 Shortcode Imdb | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection. This issue affects Shortcode IMDB: from n/a through 6.0.8. | |||||
CVE-2022-47430 | 1 Weblizar | 1 School Management - Education & Learning Management | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection. This issue affects The School Management – Education & Learning Management: from n/a through 4.1. | |||||
CVE-2022-47428 | 1 Wpdevart | 1 Booking Calendar | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection. This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7. | |||||
CVE-2022-47426 | 1 Neshan | 1 Neshan Maps | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Neshan Maps Platform Neshan Maps neshan-maps allows SQL Injection. This issue affects Neshan Maps: from n/a through 1.1.4. | |||||
CVE-2022-47420 | 1 Adaplugin | 1 Accessibility Suite By Online Ada | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility Suite by Online ADA: from n/a through 4.12. | |||||
CVE-2022-47151 | | | 2024-11-21 | N/A | 8.6 HIGH |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | |||||
CVE-2022-46966 | 1 Revenue Collection System Project | 1 Revenue Collection System | 2024-11-21 | N/A | 9.8 CRITICAL |
Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php. | |||||
CVE-2022-46860 | 1 Kaizencoders | 1 Short Url | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaizenCoders Short URL allows SQL Injection. This issue affects Short URL: from n/a through 1.6.4. | |||||
CVE-2022-46859 | 1 Spiffyplugins | 1 Spiffy Calendar | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection. This issue affects Spiffy Calendar: from n/a through 4.9.1. | |||||
CVE-2022-46849 | 1 Weblizar | 1 Responsive Coming Soon & Maintenance Mode | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection. This issue affects Coming Soon Page – Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9. | |||||
CVE-2022-46818 | 1 Gopiplus | 1 Email Posts To Subscribers | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection. This issue affects Email posts to subscribers: from n/a through 6.2. | |||||
CVE-2022-46808 | 1 Reputeinfosystems | 1 Armember | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection. This issue affects ARMember: from n/a through 3.4.11. | |||||
CVE-2022-46501 | 1 Accruent | 1 Maintenance Connection | 2024-11-21 | N/A | 9.8 CRITICAL |
Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function. | |||||
CVE-2022-46163 | 1 Opensuse | 1 Travel Support Program | 2024-11-21 | N/A | 7.5 HIGH |
Travel support program is a Rails app to support the travel support program of openSUSE (TSP). Sensitive user data (bank account details, password hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The travel-support-program uses the Ransack library to implement search functionality. In its default configuration, Ransack will allow for query conditions based on properties of associated database objects [1]. The `*_start`, `*_end` or `*_cont` search matchers [2] can then be abused to exfiltrate sensitive string values of associated database objects via character-by-character brute-force (a match is indicated by the returned JSON not being empty). A single bank account number can be extracted with <200 requests, a password hash can be extracted with ~1200 requests, all within a few minutes. The problem has been patched in commit d22916275c51500b4004933ff1b0a69bc807b2b7. In order to work around this issue, you can also cherry-pick that patch; however, it will not work without the Rails 5.0 migration that was done in #150, which in turn had quite a few pull requests it depended on. |