Total
16884 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41775 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
| SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
| CVE-2022-41773 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | |||||
| CVE-2022-41731 | 2 Ibm, Redhat | 2 Watson Knowledge Catalog On Cloud Pak For Data, Openshift | 2024-11-21 | N/A | 8.6 HIGH |
| IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 237402. | |||||
| CVE-2022-41680 | 1 Formalms | 1 Formalms | 2024-11-21 | N/A | 7.6 HIGH |
| Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'search[value] parameter in the appLms/ajax.server.php?r=mycertificate/getMyCertificates' function in order to dump the entire database. | |||||
| CVE-2022-41671 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2024-11-21 | N/A | 7.0 HIGH |
| A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | |||||
| CVE-2022-41515 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment. | |||||
| CVE-2022-41514 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan. | |||||
| CVE-2022-41513 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /diagnostic/edittest.php. | |||||
| CVE-2022-41378 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2024-11-21 | N/A | 7.2 HIGH |
| Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory. | |||||
| CVE-2022-41377 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2024-11-21 | N/A | 7.2 HIGH |
| Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category. | |||||
| CVE-2022-41355 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /leave_system/classes/Master.php?f=delete_department. | |||||
| CVE-2022-41272 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | N/A | 9.9 CRITICAL |
| An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system. This allows the attacker to have full read access to user data, make limited modifications to user data, and degrade the performance of the system, leading to a high impact on confidentiality and a limited impact on the availability and integrity of the application. | |||||
| CVE-2022-41271 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | N/A | 9.4 CRITICAL |
| An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability affects local users and data, leading to a considerable impact on confidentiality as well as availability and a limited impact on the integrity of the application. These operations can be used to: * Read any information * Modify sensitive information * Denial of Service attacks (DoS) * SQL Injection | |||||
| CVE-2022-41259 | 1 Sap | 1 Sql Anywhere | 2024-11-21 | N/A | 6.5 MEDIUM |
| SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor. | |||||
| CVE-2022-41142 | 1 Centreon | 1 Centreon | 2024-11-21 | N/A | 8.8 HIGH |
| This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to configure poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18304. | |||||
| CVE-2022-41133 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | |||||
| CVE-2022-40967 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | |||||
| CVE-2022-40835 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | N/A | 9.8 CRITICAL |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php. Note: Multiple third parties have disputed this as not a valid vulnerability | |||||
| CVE-2022-40834 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | N/A | 9.8 CRITICAL |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like() function. Note: Multiple third parties have disputed this as not a valid vulnerability. | |||||
| CVE-2022-40833 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | N/A | 9.8 CRITICAL |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability. | |||||