Total: 16884 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-36545 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2024-11-21 | N/A | 9.8 CRITICAL | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php. |
| CVE-2022-36544 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2024-11-21 | N/A | 9.8 CRITICAL | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php. |
| CVE-2022-36543 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2024-11-21 | N/A | 9.8 CRITICAL | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php. |
| CVE-2022-36529 | 1 Kensite Cms Project | 1 Kensite Cms | 2024-11-21 | N/A | 8.8 HIGH | Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml. |
| CVE-2022-36394 | 1 Contest-gallery | 1 Contest Gallery | 2024-11-21 | N/A | 7.6 HIGH | Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress. |
| CVE-2022-36276 | 1 Tcman | 1 Gim | 2024-11-21 | N/A | 9.9 CRITICAL | TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database. |
| CVE-2022-36272 | 1 Mingsoft | 1 Mcms | 2024-11-21 | N/A | 9.8 CRITICAL | Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in the /mdiy/page/verify URI via the fieldName parameter. |
| CVE-2022-36259 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 7.5 HIGH | A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as "username", "password", etc. |
| CVE-2022-36258 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 7.5 HIGH | A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as "searchTxt". |
| CVE-2022-36257 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 7.5 HIGH | A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as "users", "pass", etc. |
| CVE-2022-36256 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 7.5 HIGH | A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as "productcode". |
| CVE-2022-36255 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 7.5 HIGH | A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as "searchTxt". |
| CVE-2022-36242 | 1 Oretnom23 | 1 Clinic's Patient Management System | 2024-11-21 | N/A | 9.8 CRITICAL | Clinic's Patient Management System v1.0 is vulnerable to SQL Injection via /pms/update_medicine.php?id=. |
| CVE-2022-36201 | 1 Doctor's Appointment System Project | 1 Doctor's Appointment System | 2024-11-21 | N/A | 9.8 CRITICAL | Doctor's Appointment System v1.0 is vulnerable to Blind SQLi via settings.php. |
| CVE-2022-36198 | 1 Phpgurukul | 1 Bus Pass Management System | 2024-11-21 | N/A | 9.8 CRITICAL | Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php. |
| CVE-2022-36161 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 9.8 CRITICAL | Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. |
| CVE-2022-36030 | 1 Project-nexus Project | 1 Project-nexus | 2024-11-21 | N/A | 9.8 CRITICAL | Project-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sanitization of user input. This issue has not yet been patched. Users are advised to restrict user input and to upgrade when a new release becomes available. |
| CVE-2022-35956 | 1 Update By Case Project | 1 Update By Case | 2024-11-21 | N/A | 5.8 MEDIUM | This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records in a single database hit, using a SQL CASE statement. Before version 0.1.3 the `update_by_case` gem used custom SQL strings that were not sanitized, making it vulnerable to SQL injection. Upgrade to version >= 0.1.3, which uses `Arel` instead to construct the resulting SQL statement with sanitized SQL. |
| CVE-2022-35947 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 10.0 CRITICAL | GLPI stands for Gestionnaire Libre de Parc Informatique and is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. Affected versions have been found to be vulnerable to a SQL injection attack which an attacker could leverage to simulate an arbitrary user login. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should disable the `Enable login with external token` API configuration. |
| CVE-2022-35946 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 5.5 MEDIUM | GLPI stands for Gestionnaire Libre de Parc Informatique and is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used to access the low-level API of the Plugin class. An attacker can, for instance, alter database data. The attacker must have "General setup" update rights to be able to perform this attack. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should remove the `front/plugin.form.php` script. |
