Total
16884 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35942 | 1 Linuxfoundation | 1 Loopback-connector-postgresql | 2024-11-21 | N/A | 9.3 CRITICAL |
| Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data stored on the connected database. A patch was released in version 5.5.1. This affects users who does any of the following: - Connect to the database via the DataSource with `allowExtendedProperties: true` setting OR - Uses the connector's CRUD methods directly OR - Uses the connector's other methods to interpret the LoopBack filter. Users who are unable to upgrade should do the following if applicable: - Remove `allowExtendedProperties: true` DataSource setting - Add `allowExtendedProperties: false` DataSource setting - When passing directly to the connector functions, manually sanitize the user input for the `contains` LoopBack filter beforehand. | |||||
| CVE-2022-35864 | 1 Bmc | 1 Track-it\! | 2024-11-21 | N/A | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690. | |||||
| CVE-2022-35628 | 1 In2code | 1 Living User Experience | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3. | |||||
| CVE-2022-35606 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.' | |||||
| CVE-2022-35605 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as 'users', 'pass', etc. | |||||
| CVE-2022-35603 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. | |||||
| CVE-2022-35602 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user. | |||||
| CVE-2022-35601 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. | |||||
| CVE-2022-35599 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode. | |||||
| CVE-2022-35598 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2024-11-21 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username. | |||||
| CVE-2022-35422 | 1 Web Based Quiz System Project | 1 Web Based Quiz System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php. | |||||
| CVE-2022-35421 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the pname parameter at /admin/operations/packages.php. | |||||
| CVE-2022-35193 | 1 Testlink | 1 Testlink | 2024-11-21 | N/A | 7.2 HIGH |
| TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php. | |||||
| CVE-2022-35175 | 1 Barangay Management System Project | 1 Barangay Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /blotter/blotter.php. | |||||
| CVE-2022-35154 | 1 Shopro | 1 Mall System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter. | |||||
| CVE-2022-35148 | 1 Maccms | 1 Maccms | 2024-11-21 | N/A | 6.5 MEDIUM |
| maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html. | |||||
| CVE-2022-35121 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | N/A | 9.8 CRITICAL |
| Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java. | |||||
| CVE-2022-35115 | 1 Icewarp | 1 Webclient Dc2 | 2024-11-21 | N/A | 9.8 CRITICAL |
| IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php. | |||||
| CVE-2022-34989 | 1 Fruits Bazar Project | 1 Fruits Bazar | 2024-11-21 | N/A | 9.8 CRITICAL |
| Fruits Bazar v1.0 was discovered to contain a SQL injection vulnerability via the recover_email parameter at user_password_recover.php. | |||||
| CVE-2022-34972 | 1 So Filter Shop By Project | 1 So Filter Shop By | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id , manu_value_id , opt_value_id , and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data. | |||||