Total
16098 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29660 | 1 Chshcms | 1 Cscms Music Portal System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del. | |||||
| CVE-2022-29659 | 1 Responsive Online Blog Project | 1 Responsive Online Blog | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php. | |||||
| CVE-2022-29656 | 1 Wedding Management System Project | 1 Wedding Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php. | |||||
| CVE-2022-29652 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client. | |||||
| CVE-2022-29650 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. | |||||
| CVE-2022-29603 | 1 Universis | 1 Universis-api | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint (such as /api/students/me/messages/) to, for example, retrieve personal information or change grades. | |||||
| CVE-2022-29601 | 1 Oliverklee | 1 Seminars | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 allows SQL Injection. | |||||
| CVE-2022-29600 | 1 Oliverklee | 1 Oelib | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The oelib (aka One is Enough Library) extension through 4.1.5 for TYPO3 allows SQL Injection. | |||||
| CVE-2022-29535 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. | |||||
| CVE-2022-29498 | 1 Blazer Project | 1 Blazer | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run. | |||||
| CVE-2022-29419 | 1 3xsocializer Project | 1 3xsocializer | 2024-11-21 | 6.5 MEDIUM | 6.0 MEDIUM |
| SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher. | |||||
| CVE-2022-29411 | 1 Hermit Project | 1 Hermit | 2024-11-21 | 7.5 HIGH | 8.3 HIGH |
| SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id). | |||||
| CVE-2022-29410 | 1 Hermit Project | 1 Hermit | 2024-11-21 | 6.5 MEDIUM | 7.4 HIGH |
| Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). | |||||
| CVE-2022-29383 | 1 Netgear | 2 Ssl312, Ssl312 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi. | |||||
| CVE-2022-29317 | 1 Simple Bus Ticket Booking System Project | 1 Simple Bus Ticket Booking System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php. | |||||
| CVE-2022-29316 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch. | |||||
| CVE-2022-29306 | 1 Ionizecms | 1 Ionize | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerability via the id_page parameter in application/models/article_model.php. | |||||
| CVE-2022-29305 | 1 Imgurl Project | 1 Imgurl | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost. | |||||
| CVE-2022-29304 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_ Facility. | |||||
| CVE-2022-29250 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 4.0 MEDIUM | 8.1 HIGH |
| GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to version 10.0.1 it is possible to add extra information by SQL injection on search pages. In order to exploit this vulnerability a user must be logged in. | |||||